URL: https://github.com/SSSD/sssd/pull/5689
Author: jakub-vavra-cz
Title: #5689: Tests: Add tests ported from bash for AD Parameters Domain
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5689/head:pr5689
git checkout pr5689
From 49160c74fe082e87f8739e06f57998c5896c8388 Mon Sep 17 00:00:00 2001
From: Jakub Vavra <jva...@redhat.com>
Date: Fri, 25 Jun 2021 15:07:42 +0200
Subject: [PATCH] Tests: Initial draft of AD parameters tests ported from bash.
---
.../multihost/ad/test_adparameters_all.py | 1156 +++++++++++++++++
1 file changed, 1156 insertions(+)
create mode 100644 src/tests/multihost/ad/test_adparameters_all.py
diff --git a/src/tests/multihost/ad/test_adparameters_all.py b/src/tests/multihost/ad/test_adparameters_all.py
new file mode 100644
index 0000000000..9224e2a026
--- /dev/null
+++ b/src/tests/multihost/ad/test_adparameters_all.py
@@ -0,0 +1,1156 @@
+""" AD-Provider AD Parameters Domain tests ported from bash
+
+:requirement: ad_parameters
+:casecomponent: sssd
+:subsystemteam: sst_idm_sssd
+:upstream: yes
+"""
+import time
+import pytest
+
+from sssd.testlib.common.utils import sssdTools
+
+
+@pytest.fixture(scope="class")
+def change_client_hostname(session_multihost, request):
+ """ Change client hostname to a truncated version in the AD domain"""
+ cmd = session_multihost.client[0].run_command('hostname', raiseonerr=False)
+ old_hostname = cmd.stdout_text.rstrip()
+ ad_domain = session_multihost.ad[0].domainname
+ try:
+ new_hostname = session_multihost.client[0].external_hostname.\
+ split('.')[0]
+ except (KeyError, AttributeError):
+ new_hostname = old_hostname.split('.')[0]
+ if new_hostname.startswith('ci-'):
+ new_hostname = new_hostname[3:]
+ new_hostname = new_hostname[:15] + "." + ad_domain
+ session_multihost.client[0].run_command(
+ f'hostname {new_hostname}', raiseonerr=False
+ )
+
+ def restore():
+ """ Restore hostname """
+ session_multihost.client[0].run_command(
+ f'hostname {old_hostname}',
+ raiseonerr=False
+ )
+ request.addfinalizer(restore)
+
+
+@pytest.mark.adparameters
+@pytest.mark.usefixtures("change_client_hostname")
+class TestADParamsPorted():
+ """ BZ Automated Test Cases for AD Parameters Domain ported from bash"""
+
+ @staticmethod
+ @pytest.mark.tier1
+ def test_0001_ad_parameters_domain(multihost, adjoin, create_aduser_group):
+ """
+ :title: IDM-SSSD-TC: ad_provider: ad_parameters: Set ad domain to
+ AD DOMAIN1
+ :id: 08a256e6-a56e-4726-adba-b9093dce8ede
+ :setup:
+ 1. Configure short domain name, clear cache and restart sssd.
+ 2. Create AD user and group.
+ :steps:
+ 1. Run getent passwd for the user and group
+ 2. Run getent group for the group
+ 3. Run check that su can switch to the ad user in short domain
+ 4. Check the sssd domain log
+ :expectedresults:
+ 1. User is found
+ 2. Group is found
+ 3. Su works as expected
+ 4. Log contains the expected lines
+ Option ad_domain has value ...
+ Option krb5_realm set to ...
+ :customerscenario: False
+ """
+ adjoin(membersw='adcli')
+ # Create AD user and group
+ (aduser, adgroup) = create_aduser_group
+ # Configure sssd
+ multihost.client[0].service_sssd('stop')
+ client = sssdTools(multihost.client[0], multihost.ad[0])
+ dom_section = f'domain/{client.get_domain_section_name()}'
+ ad_realm = multihost.ad[0].domainname.upper()
+ ad_domain_short = ad_realm.rsplit('.', 1)[0]
+ sssd_params = {
+ 'ldap_id_mapping': 'False',
+ 'ad_domain': ad_realm,
+ 'debug_level': '9',
+ 'use_fully_qualified_names': 'True',
+ 'cache_credentials': 'True',
+ 'krb5_store_password_if_offline': 'True',
+ 'full_name_format': '%2$s\\%1$s'
+ }
+ client.sssd_conf(dom_section, sssd_params)
+ client.clear_sssd_cache()
+ # Search for the user
+ usr_cmd = multihost.client[0].run_command(
+ f'getent passwd {ad_domain_short}\\\\{aduser}',
+ raiseonerr=False
+ )
+ # Search for the group
+ grp_cmd = multihost.client[0].run_command(
+ f'getent group {ad_domain_short}\\\\{adgroup}',
+ raiseonerr=False
+ )
+ # Run su command
+ su_cmd = multihost.client[0].run_command(
+ f'su - {ad_domain_short}\\\\{aduser} -c whoami',
+ raiseonerr=False
+ )
+ # Download the sssd domain log
+ log_str = multihost.client[0].get_file_contents(
+ f"/var/log/sssd/sssd_{multihost.ad[0].domainname.lower()}.log").\
+ decode('utf-8')
+ # Evaluate test results
+ assert f"Option ad_domain has value {ad_realm}" in log_str
+ assert f"Option krb5_realm set to {ad_realm}" in log_str
+ assert usr_cmd.returncode == 0, f"User {aduser} was not found."
+ assert grp_cmd.returncode == 0, f"Group {adgroup} was not found."
+ assert su_cmd.returncode == 0, "The su command failed!"
+
+ @staticmethod
+ @pytest.mark.tier1
+ def test_0002_ad_parameters_junk_domain(multihost, adjoin,
+ create_aduser_group):
+ """
+ :title: IDM-SSSD-TC: ad_provider: ad_parameters: Set ad domain to junk
+ and first entry in keytab is valid bz1091957
+ :id: 760bda92-a67b-42bd-a55f-89d57e16e294
+ :setup:
+ 1. Configure junk domain name, clear cache and restart sssd.
+ 2. Create AD user.
+ :steps:
+ 1. Check the sssd domain log for expected messages.
+ 2. Search for a user and check messages for segfault
+ :expectedresults:
+ 1. Log contains the expected lines:
+ No principal matching <hostname>$@JUNK found in keytab.
+ No principal matching host/*@JUNK found in keytab.
+ Selected realm: <ad_realm>
+ 2. There is no segfault in the /var/log/messages.
+ :customerscenario: False
+ :bugzilla:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1091957
+ """
+ adjoin(membersw='adcli')
+ client = sssdTools(multihost.client[0], multihost.ad[0])
+ # Backup the configuration because with broken config we can't leave ad
+ client.backup_sssd_conf()
+ # Create AD user with posix attributes
+ (aduser, _) = create_aduser_group
+ # Configure sssd to ad_domain = junk
+ multihost.client[0].service_sssd('stop')
+ dom_section = f'domain/{client.get_domain_section_name()}'
+ ad_realm = multihost.ad[0].domainname.upper()
+ sssd_params = {
+ 'ldap_id_mapping': 'False',
+ 'ad_domain': 'junk',
+ 'ad_server': multihost.ad[0].hostname,
+ 'debug_level': '9',
+ 'use_fully_qualified_names': 'True',
+ 'cache_credentials': 'True',
+ 'krb5_store_password_if_offline' : 'True',
+ 'fallback_homedir': '/home/%d/%u',
+ 'full_name_format': '%2$s\\%1$s',
+ }
+ client.sssd_conf(dom_section, sssd_params)
+ client.clear_sssd_cache()
+
+ # Download sssd domain log
+ log_str = multihost.client[0].get_file_contents(
+ f"/var/log/sssd/sssd_{multihost.ad[0].domainname.lower()}.log").\
+ decode('utf-8')
+
+ hostname_cmd = multihost.client[0].run_command(
+ 'hostname -s',
+ raiseonerr=False
+ )
+ shortname = hostname_cmd.stdout_text.rstrip().upper()
+
+ #shortname = multihost.client[0].external_hostname.upper().\
+ # split('.')[0]
+
+ # Clean /var/log/messages so previous content does not interfere
+ multihost.client[0].run_command('truncate --size 0 /var/log/messages',
+ raiseonerr=False)
+ # Run getent passwd
+ multihost.client[0].run_command(
+ f'getent passwd {ad_realm}\\\\{aduser}',
+ raiseonerr=False
+ )
+ # Download /var/log/messages
+ log_msg_str = multihost.client[0].get_file_contents(
+ '/var/log/messages').decode('utf-8')
+ # Restore sssd.conf
+ client.restore_sssd_conf()
+
+ # Evaluate test results
+ assert f"No principal matching {shortname}$@JUNK found in keytab." in\
+ log_str
+ assert "No principal matching host/*@JUNK found in keytab." in log_str
+ assert f"Selected realm: {ad_realm}" in log_str
+ assert "segfault" not in log_msg_str, "Segfault present in the log!"
+
+ @staticmethod
+ @pytest.mark.tier1
+ def test_0003_ad_parameters_junk_domain_invalid_keytab(
+ multihost,
+ adjoin,
+ create_aduser_group
+ ):
+ """
+ :title: IDM-SSSD-TC: ad_provider: ad_parameters: Set ad domain to junk
+ and first entry in keytab is invalid
+ :id: ed1a1607-f9f1-4d3c-afbe-c6c1a6ce330b
+ :setup:
+ 1. Create an AD user.
+ 2. Configure junk domain name in sssd.conf.
+ 3. Create keytab with first item with INVALIDDOMAIN.COM.
+ 4. Clear cache and restart sssd.
+ :steps:
+ 1. Run getent passwd for the user.
+ 2. Check the sssd domain log for expected messages.
+ :expectedresults:
+ 1. User is not found.
+ 2. Log contains the expected lines:
+ No principal matching host/*@JUNK found in keytab.
+ Selected realm: INVALIDDOMAIN.COM
+ Option krb5_realm set to JUNK
+ :teardown:
+ 1. Restore keytab.
+ 2. Remove AD user.
+ :customerscenario: False
+ :bugzilla:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1091957
+ """
+ adjoin(membersw='adcli')
+ client = sssdTools(multihost.client[0], multihost.ad[0])
+ # Backup the configuration because with broken config we can't leave ad
+ client.backup_sssd_conf()
+ # Create AD user with posix attributes
+ (aduser, _) = create_aduser_group
+ # Configure sssd with junk domain
+ multihost.client[0].service_sssd('stop')
+ dom_section = f'domain/{client.get_domain_section_name()}'
+ ad_realm = multihost.ad[0].domainname.upper()
+ ad_domain_short = ad_realm.rsplit('.', 1)[0]
+ sssd_params = {
+ 'ldap_id_mapping': 'False',
+ 'ad_domain': 'junk',
+ 'ad_server': multihost.ad[0].hostname,
+ 'debug_level': '9',
+ 'use_fully_qualified_names': 'True',
+ 'cache_credentials': 'True',
+ 'krb5_store_password_if_offline': 'True',
+ 'fallback_homedir': '/home/%d/%u',
+ 'full_name_format': '%2$s\\%1$s',
+ }
+ client.sssd_conf(dom_section, sssd_params)
+ client.sssd_conf(dom_section, {'krb5_realm': 'delme'}, action='delete')
+ # Backup keytab
+ multihost.client[0].run_command(
+ 'cp /etc/krb5.keytab /etc/krb5.keytab.working',
+ raiseonerr=False
+ )
+ # Create invalid keytab /tmp/first_invalid.keytab
+
+ hostname_cmd = multihost.client[0].run_command(
+ 'hostname -s',
+ raiseonerr=False
+ )
+ shortname = hostname_cmd.stdout_text.rstrip().upper()
+
+ #shortname = multihost.client[0].external_hostname.upper().split('.')[0]
+ ktutil_cmd = f'echo -e "addent -password -p host/{shortname}@' \
+ f'INVALIDDOMAIN.COM -k 2 -e rc4-hmac\\nSecret123\\nrkt ' \
+ f'/etc/krb5.keytab\\nwkt /tmp/first_invalid.' \
+ f'keytab\\nquit\\n" | ktutil'
+ multihost.client[0].run_command(ktutil_cmd, raiseonerr=False)
+ # Get keytab info for debugging purposes
+ multihost.client[0].run_command(
+ 'file /tmp/first_invalid.keytab',
+ raiseonerr=False
+ )
+ # Place keytab with invalid first item
+ multihost.client[0].run_command(
+ 'cp -f /tmp/first_invalid.keytab /etc/krb5.keytab; '
+ 'restorecon /etc/krb5.keytab; ',
+ raiseonerr=False
+ )
+ # Clear cache and restart SSSD
+ client.clear_sssd_cache()
+ # Search for the AD user
+ usr_cmd = multihost.client[0].run_command(
+ f'getent passwd {ad_domain_short}\\\\{aduser}',
+ raiseonerr=False
+ )
+ # Download sssd log
+ log_str = multihost.client[0].get_file_contents(
+ f"/var/log/sssd/sssd_{multihost.ad[0].domainname.lower()}.log").\
+ decode('utf-8')
+ # Restore keytab before test result evaluation
+ multihost.client[0].run_command(
+ 'cp -f /etc/krb5.keytab.working /etc/krb5.keytab; '
+ 'restorecon /etc/krb5.keytab',
+ raiseonerr=False
+ )
+ # Restore sssd config
+ client.restore_sssd_conf()
+ # Evaluate test results
+ assert usr_cmd.returncode == 2, f"{aduser} was unexpectedly found!"
+ assert "No principal matching host/*@JUNK found in keytab." in log_str
+ assert "Selected realm: INVALIDDOMAIN.COM" in log_str
+ assert "Option krb5_realm set to JUNK" in log_str
+
+ @staticmethod
+ @pytest.mark.tier1
+ def test_0004_ad_parameters_valid_domain_shorthost(
+ multihost,
+ adjoin,
+ create_aduser_group
+ ):
+ """
+ :title: IDM-SSSD-TC: ad_provider: ad_parameters: ad domain is valid
+ and principal should default to SHORTHOST bz892197
+ :id: 63700bc9-d9f7-4a15-94c8-b6ef23fd329b
+ :setup:
+ 1. Create an AD user.
+ 2. Clear cache and restart sssd.
+ :steps:
+ 1. Run getent passwd for the user.
+ 2. Check the sssd domain log for expected messages.
+ 3. Run su to the user.
+ :expectedresults:
+ 1. User is found.
+ 2. Log contains the expected line:
+ Trying to find principal <HOST_SHORT_PRINC>$@<AD_SERVER1_REALM>
+ 3. User is switched successfully.
+ :teardown:
+ 1. Remove AD user.
+ :customerscenario: False
+ :bugzilla:
+ https://bugzilla.redhat.com/show_bug.cgi?id=892197
+ """
+ adjoin(membersw='adcli')
+ client = sssdTools(multihost.client[0], multihost.ad[0])
+ # Backup the configuration because with broken config we can't leave ad
+ client.backup_sssd_conf()
+ # Create AD user with posix attributes
+ (aduser, _) = create_aduser_group
+ # Configure sssd to disable ldap_id_mapping and enable logging
+ multihost.client[0].service_sssd('stop')
+ dom_section = f'domain/{client.get_domain_section_name()}'
+ ad_realm = multihost.ad[0].domainname.upper()
+ ad_domain_short = ad_realm.rsplit('.', 1)[0]
+ sssd_params = {
+ 'ldap_id_mapping': 'False',
+ 'ad_domain': multihost.ad[0].domainname,
+ 'debug_level': '9',
+ 'use_fully_qualified_names': 'True',
+ 'cache_credentials': 'True',
+ 'krb5_store_password_if_offline': 'True',
+ 'fallback_homedir': '/home/%d/%u',
+ 'full_name_format': '%2$s\\%1$s',
+ }
+ client.sssd_conf(dom_section, sssd_params)
+ # Clear cache and restart SSSD
+ client.clear_sssd_cache()
+ time.sleep(15)
+ # Download sssd log
+ log_str = multihost.client[0].get_file_contents(
+ f"/var/log/sssd/sssd_{multihost.ad[0].domainname.lower()}.log").\
+ decode('utf-8')
+
+ hostname_cmd = multihost.client[0].run_command(
+ 'hostname -s',
+ raiseonerr=False
+ )
+ shortname = hostname_cmd.stdout_text.rstrip().upper()
+ #shortname = multihost.client[0].external_hostname.upper().\
+ # split('.')[0]
+ # Search for the AD user
+ usr_cmd = multihost.client[0].run_command(
+ f'getent passwd {ad_domain_short}\\\\{aduser}',
+ raiseonerr=False
+ )
+ # Run su
+ su_cmd = multihost.client[0].run_command(
+ f'su - {ad_domain_short}\\\\{aduser} -c whoami',
+ raiseonerr=False
+ )
+ # Restore sssd config
+ client.restore_sssd_conf()
+ # Evaluate test results
+ assert f"Trying to find principal {shortname}$@{ad_realm}" in log_str
+ assert usr_cmd.returncode == 0, f"User {aduser} was not found."
+ assert su_cmd.returncode == 0, "The su command failed!"
+
+ @staticmethod
+ @pytest.mark.tier1
+ def test_0005_ad_parameters_blank_domain(
+ multihost,
+ adjoin,
+ create_aduser_group
+ ):
+ """
+ :title: IDM-SSSD-TC: ad_provider: ad_parameters: Set ad domain to blank
+ should default to sssd domain
+ :id: 18f6ceac-283e-43e7-96b8-e4d8d7bda7d1
+ :setup:
+ 1. Create an AD user.
+ 2. Configure blank domain name in sssd.conf.
+ 3. Clear cache and restart sssd.
+ :steps:
+ 1. Run getent passwd for the user.
+ 2. Check the sssd domain log for expected messages.
+ 3. Run su to the user.
+ :expectedresults:
+ 1. User is found
+ 2. Log contains the expected line:
+ Trying to find principal <HOST_SHORT_PRINC>$@<AD_SERVER1_REALM>
+ 3. User is switched successfully.
+ :teardown:
+ 1. Remove AD user.
+ :customerscenario: False
+ :bugzilla:
+ https://bugzilla.redhat.com/show_bug.cgi?id=892197
+ """
+ adjoin(membersw='adcli')
+ client = sssdTools(multihost.client[0], multihost.ad[0])
+ # Backup the configuration because with broken config we can't leave ad
+ client.backup_sssd_conf()
+ # Create AD user with posix attributes
+ (aduser, adgroup) = create_aduser_group
+ # Configure sssd to disable ldap_id_mapping and enable logging
+ multihost.client[0].service_sssd('stop')
+ dom_section = f'domain/{client.get_domain_section_name()}'
+ ad_realm = multihost.ad[0].domainname.upper()
+ ad_domain_short = ad_realm.rsplit('.', 1)[0]
+ sssd_params = {
+ 'ldap_id_mapping': 'False',
+ 'ad_domain': '',
+ 'debug_level': '9',
+ 'use_fully_qualified_names': 'True',
+ 'cache_credentials': 'True',
+ 'krb5_store_password_if_offline': 'True',
+ 'fallback_homedir': '/home/%d/%u',
+ 'full_name_format': '%2$s\\%1$s',
+ }
+ client.sssd_conf(dom_section, sssd_params)
+ # Clear cache and restart SSSD
+ client.clear_sssd_cache()
+ time.sleep(15)
+ # Search for the AD user
+ usr_cmd = multihost.client[0].run_command(
+ f'getent passwd {ad_domain_short}\\\\{aduser}',
+ raiseonerr=False
+ )
+ # Search for the AD group
+ grp_cmd = multihost.client[0].run_command(
+ f'getent group {ad_domain_short}\\\\{adgroup}',
+ raiseonerr=False
+ )
+ # Run su
+ su_cmd = multihost.client[0].run_command(
+ f'su - {ad_domain_short}\\\\{aduser} -c whoami',
+ raiseonerr=False
+ )
+ # Download sssd log
+ log_str = multihost.client[0].get_file_contents(
+ f"/var/log/sssd/sssd_{multihost.ad[0].domainname.lower()}.log").\
+ decode('utf-8')
+ # Restore sssd config
+ client.restore_sssd_conf()
+ # Evaluate test results
+ assert "Option ad_domain has no value" in log_str
+ assert f"Option krb5_realm set to {ad_realm}" in log_str
+ assert usr_cmd.returncode == 0, f"User {aduser} was not found!"
+ assert grp_cmd.returncode == 0, f"Group {adgroup} was not found!"
+ assert su_cmd.returncode == 0, "The su command failed!"
+
+
+ @staticmethod
+ @pytest.mark.tier1
+ def test_0006_ad_parameters_homedir_override_nss(multihost, adjoin,
+ create_aduser_group):
+ """
+ :title: IDM-SSSD-TC: ad_provider: ad_parameters: override homedir to
+ UPN and login name in nss section bz1137015
+ :id: ea57bb9b-802b-40e4-ad6a-7ae0b4d3f927
+ :setup:
+ 1. Configure homedir override in nss section,
+ clear cache and restart sssd.
+ 2. Create an AD user.
+ :steps:
+ 1. Run getent passwd for the user and verify the home location.
+ :expectedresults:
+ 1. User is found and homedir is overridden.
+ :customerscenario: False
+ :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1137015
+ """
+ ad_domain = multihost.ad[0].domainname
+
+ hostname_cmd = multihost.client[0].run_command(
+ 'hostname -s',
+ raiseonerr=False
+ )
+ shortname = hostname_cmd.stdout_text.rstrip()
+ adjoin(membersw='adcli')
+ # Create AD user and group
+ (aduser, _) = create_aduser_group
+ # Configure sssd
+ multihost.client[0].service_sssd('stop')
+ client = sssdTools(multihost.client[0], multihost.ad[0])
+ dom_section = f'domain/{client.get_domain_section_name()}'
+
+ sssd_params = {
+ 'debug_level': '9',
+ 'use_fully_qualified_names': 'True',
+ 'cache_credentials': 'True',
+ 'ldap_id_mapping': 'False',
+ }
+ client.sssd_conf(dom_section, sssd_params)
+ client.sssd_conf('nss', {'override_homedir': '/home/%P/%u'})
+ client.clear_sssd_cache()
+ # Search for the user
+ usr_cmd = multihost.client[0].run_command(
+ f'getent passwd {aduser}@{ad_domain}',
+ raiseonerr=False
+ )
+
+ # Evaluate test results
+ assert f'/home/{aduser}@{ad_domain.upper()}/{aduser}' in\
+ usr_cmd.stdout_text
+
+ @staticmethod
+ @pytest.mark.tier1
+ def test_0007_ad_parameters_homedir_override_domain(multihost, adjoin,
+ create_aduser_group):
+ """
+ :title: IDM-SSSD-TC: ad_provider: ad_parameters: override homedir
+ to UPN and login name in domain section
+ :id: 76b021af-37cb-49a4-8109-d2cf99f05c48
+ :setup:
+ 1. Configure homedir override in domain section,
+ clear cache and restart sssd.
+ 2. Create an AD user.
+ :steps:
+ 1. Run getent passwd for the user and verify the home location.
+ :expectedresults:
+ 1. User is found and homedir is overridden.
+ :customerscenario: False
+ :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1137015
+ """
+ ad_domain = multihost.ad[0].domainname
+ hostname_cmd = multihost.client[0].run_command(
+ 'hostname -s',
+ raiseonerr=False
+ )
+ shortname = hostname_cmd.stdout_text.rstrip()
+ adjoin(membersw='adcli')
+ # Create AD user and group
+ (aduser, _) = create_aduser_group
+ # Configure sssd
+ multihost.client[0].service_sssd('stop')
+ client = sssdTools(multihost.client[0], multihost.ad[0])
+ dom_section = f'domain/{client.get_domain_section_name()}'
+ sssd_params = {
+ 'debug_level': '9',
+ 'use_fully_qualified_names': 'True',
+ 'cache_credentials': 'True',
+ 'ldap_id_mapping': 'False',
+ 'override_homedir': '/home/%P/%u'
+ }
+ client.sssd_conf(dom_section, sssd_params)
+ client.clear_sssd_cache()
+ # Search for the user
+ usr_cmd = multihost.client[0].run_command(
+ f'getent passwd {aduser}@{ad_domain}',
+ raiseonerr=False
+ )
+
+ # Evaluate test results
+ assert f'/home/{aduser}@{ad_domain.upper()}/{aduser}' in\
+ usr_cmd.stdout_text
+
+ @staticmethod
+ @pytest.mark.tier1
+ def test_0008_ad_parameters_homedir_override_both(multihost, adjoin,
+ create_aduser_group):
+ """
+ :title: IDM-SSSD-TC: ad_provider: ad_parameters: override homedir
+ in both nss and domain section
+ :id: ffa3f09e-7f16-463f-9828-edf9491bfb2e
+ :setup:
+ 1. Configure homedir override both in nss and domain sections,
+ clear cache and restart sssd.
+ 2. Create an AD user.
+ :steps:
+ 1. Run getent passwd for the user and verify the home location.
+ :expectedresults:
+ 1. User is found and homedir is overridden by domain template.
+ :customerscenario: False
+ :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1137015
+ """
+ ad_domain = multihost.ad[0].domainname
+ hostname_cmd = multihost.client[0].run_command(
+ 'hostname -s',
+ raiseonerr=False
+ )
+ shortname = hostname_cmd.stdout_text.rstrip()
+ adjoin(membersw='adcli')
+ # Create AD user and group
+ (aduser, _) = create_aduser_group
+ # Configure sssd
+ multihost.client[0].service_sssd('stop')
+ client = sssdTools(multihost.client[0], multihost.ad[0])
+ dom_section = f'domain/{client.get_domain_section_name()}'
+ sssd_params = {
+ 'debug_level': '9',
+ 'use_fully_qualified_names': 'True',
+ 'cache_credentials': 'True',
+ 'ldap_id_mapping': 'False',
+ 'override_homedir': '/home/%u/%P',
+ }
+ client.sssd_conf(dom_section, sssd_params)
+ client.sssd_conf('nss', {'override_homedir': '/home/%P/%u'})
+ client.clear_sssd_cache()
+ # Search for the user
+ usr_cmd = multihost.client[0].run_command(
+ f'getent passwd {aduser}@{ad_domain}',
+ raiseonerr=False
+ )
+ # Evaluate test results
+ assert f'/home/{aduser}/{aduser}@{ad_domain.upper()}' in\
+ usr_cmd.stdout_text
+
+ @staticmethod
+ @pytest.mark.tier1
+ def test_0009_ad_parameters_ldap_sasl_full(multihost, adjoin,
+ create_aduser_group):
+ """
+ :title: IDM-SSSD-TC: ad_provider: ad_parameters: Using full principal
+ bz877972
+ :id: 9b71822b-09e0-48f9-9163-3b547364364e
+ :setup:
+ 1. Configure ldap_sasl_authid to host/<HOSTNAME>@<AD_REALM>
+ clear cache and restart sssd.
+ 2. Create an AD user.
+ :steps:
+ 1. Run getent passwd for the user.
+ 2. Run su for the user.
+ 3. Check sssd domain log for expected messages:
+ Option ldap_sasl_authid has value host/<HOSTNAME>@<AD_REALM>
+ authid contains realm [<AD_REALM>]
+ Will look for host/<HOSTNAME>@<AD_REALM> in
+ Trying to find principal host/<HOSTNAME>@<AD_REALM> in keytab
+ Principal matched to the sample (host/<HOSTNAME>@<AD_REALM>)
+ :expectedresults:
+ 1. User is found.
+ 2. Su passes.
+ 3. Expected lines are in the log.
+ :customerscenario: False
+ :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=877972
+ """
+ ad_domain = multihost.ad[0].domainname
+
+ hostname_cmd = multihost.client[0].run_command(
+ 'hostname -s',
+ raiseonerr=False
+ )
+ shortname = hostname_cmd.stdout_text.rstrip()
+ adjoin(membersw='adcli')
+ # Create AD user
+ (aduser, _) = create_aduser_group
+ # Configure sssd
+ ad_realm = multihost.ad[0].domainname.upper()
+ multihost.client[0].service_sssd('stop')
+ client = sssdTools(multihost.client[0], multihost.ad[0])
+ dom_section = f'domain/{client.get_domain_section_name()}'
+ sssd_params = {
+ 'debug_level': '9',
+ 'ad_domain': multihost.ad[0].domainname.lower(),
+ 'ad_server': multihost.ad[0].hostname,
+ 'use_fully_qualified_names': 'False',
+ 'cache_credentials': 'True',
+ #'ldap_id_mapping': 'False',
+ 'ldap_sasl_authid': f'host/{shortname}.{ad_domain}@{ad_realm}',
+ }
+ client.sssd_conf(dom_section, sssd_params)
+ client.clear_sssd_cache()
+ # Search for the user
+ usr_cmd = multihost.client[0].run_command(
+ f'getent passwd {aduser}',
+ raiseonerr=False
+ )
+ # Run su command
+ su_cmd = multihost.client[0].run_command(
+ f'su - {aduser} -c whoami',
+ raiseonerr=False
+ )
+ # Download the sssd domain log
+ log_str = multihost.client[0].get_file_contents(
+ f"/var/log/sssd/sssd_{multihost.ad[0].domainname.lower()}.log"). \
+ decode('utf-8')
+
+ # TODO: DELETE
+ multihost.client[0].run_command(
+ f"cat /var/log/sssd/sssd_{multihost.ad[0].domainname.lower()}.log",
+ raiseonerr=False
+ )
+
+ assert f"Option ldap_sasl_authid has value host/{shortname}.{ad_domain}@{ad_realm}" in log_str
+ assert f"authid contains realm" in log_str
+ assert f"Will look for host/{shortname}.{ad_domain}@{ad_realm} in" in log_str
+ assert f"Trying to find principal host/{shortname}.{ad_domain}@{ad_realm} in keytab" in log_str
+ assert f"Principal matched to the sample (host/{shortname}.{ad_domain}@{ad_realm})" in log_str
+ assert usr_cmd.returncode == 0, f"User {aduser} was not found!"
+ assert su_cmd.returncode == 0, f"Su for user {aduser} failed!"
+
+ @staticmethod
+ @pytest.mark.tier1
+ def test_0010_ad_parameters_ldap_sasl_short(multihost, adjoin,
+ create_aduser_group):
+ """
+ :title: IDM-SSSD-TC: ad_provider: ad_parameters: Using short principal
+ :id: 6f1cc204-0dd3-40eb-a3e2-a113cc7c2df3
+ :setup:
+ 1. Configure ,
+ clear cache and restart sssd.
+ 2. Create an AD user.
+ :steps:
+ 1. Run getent passwd for the user and verify the home location.
+ :expectedresults:
+ 1. User is found and homedir is overridden.
+ :customerscenario: False
+ :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1137015
+ """
+ ad_domain = multihost.ad[0].domainname
+ hostname_cmd = multihost.client[0].run_command(
+ 'hostname -s',
+ raiseonerr=False
+ )
+ shortname = hostname_cmd.stdout_text.rstrip()
+ adjoin(membersw='adcli')
+ # Create AD user
+ (aduser, _) = create_aduser_group
+ # Configure sssd
+ ad_realm = multihost.ad[0].domainname.upper()
+ multihost.client[0].service_sssd('stop')
+ client = sssdTools(multihost.client[0], multihost.ad[0])
+ dom_section = f'domain/{client.get_domain_section_name()}'
+ sssd_params = {
+ 'debug_level': '9',
+ 'ad_domain': multihost.ad[0].domainname.lower(),
+ 'ad_server': multihost.ad[0].hostname,
+ 'use_fully_qualified_names': 'False',
+ 'cache_credentials': 'True',
+ #'ldap_id_mapping': 'False',
+ 'ldap_sasl_authid': f'host/{shortname}',
+ }
+ client.sssd_conf(dom_section, sssd_params)
+ client.clear_sssd_cache()
+ # Search for the user
+ usr_cmd = multihost.client[0].run_command(
+ f'getent passwd {aduser}',
+ raiseonerr=False
+ )
+ # Run su command
+ su_cmd = multihost.client[0].run_command(
+ f'su - {aduser} -c whoami',
+ raiseonerr=False
+ )
+ # Download the sssd domain log
+ log_str = multihost.client[0].get_file_contents(
+ f"/var/log/sssd/sssd_{multihost.ad[0].domainname.lower()}.log"). \
+ decode('utf-8')
+
+ # TODO: DELETE
+ multihost.client[0].run_command(
+ f"cat /var/log/sssd/sssd_{multihost.ad[0].domainname.lower()}.log",
+ raiseonerr=False
+ )
+ # Evaluate test results
+ assert f"Option ldap_sasl_authid has value host/{shortname}" in log_str
+ assert f"authid contains realm" not in log_str
+ assert f"Will look for host/{shortname}.{ad_domain}@{ad_realm} in" in log_str
+ assert f"Trying to find principal host/{shortname}.{ad_domain}@{ad_realm} in keytab" in log_str
+ assert f"Principal matched to the sample (host/{shortname}.{ad_domain}@{ad_realm})" in log_str
+ assert usr_cmd.returncode == 0, f"User {aduser} was not found!"
+ assert su_cmd.returncode == 0, f"Su for user {aduser} failed!"
+
+# rlPhaseStartTest "Using full principal bz877972"
+#
+# default_sssd_conf
+# unindent <<<"
+# ad_server = $AD_SERVER1
+# ad_domain = $AD_DOMAIN1
+# ldap_sasl_authid=host/$HOSTNAME@$AD_SERVER1_REALM
+# " >> /etc/sssd/sssd.conf
+# sssd_clear_logs
+# sssd_restart_clean
+# sssd_unprivileged_user_test
+#
+# rlAssertGrep "Option ldap_sasl_authid has value host/$HOSTNAME@$AD_SERVER1_REALM" "/var/log/sssd/sssd_$AD_DOMAIN1.log"
+# rlAssertGrep "authid contains realm \[$AD_SERVER1_REALM\]" "/var/log/sssd/sssd_$AD_DOMAIN1.log"
+# rlAssertGrep "Will look for host/$HOSTNAME@$AD_SERVER1_REALM in" "/var/log/sssd/sssd_$AD_DOMAIN1.log"
+# rlAssertGrep "Trying to find principal host/$HOSTNAME@$AD_SERVER1_REALM in keytab" "/var/log/sssd/sssd_$AD_DOMAIN1.log"
+# rlAssertGrep "Principal matched to the sample (host/$HOSTNAME@$AD_SERVER1_REALM)" "/var/log/sssd/sssd_$AD_DOMAIN1.log"
+#
+# rlRun "getent passwd testuser01-${JOBID}"
+# rlRun "su_success testuser01-${JOBID} Secret123"
+# rlPhaseEnd
+#
+#
+# rlPhaseStartTest "Using short principal"
+#
+# default_sssd_conf
+# unindent <<<"
+# ad_server = $AD_SERVER1
+# ad_domain = $AD_DOMAIN1
+# ldap_sasl_authid=host/$HOSTNAME
+# " >> /etc/sssd/sssd.conf
+# sssd_clear_logs
+# sssd_restart_clean
+# sssd_unprivileged_user_test
+#
+# rlAssertGrep "Option ldap_sasl_authid set to host/$HOSTNAME" "/var/log/sssd/sssd_$AD_DOMAIN1.log"
+# rlAssertNotGrep "authid contains realm" "/var/log/sssd/sssd_$AD_DOMAIN1.log"
+# rlAssertGrep "Will look for host/$HOSTNAME@$AD_SERVER1_REALM in" "/var/log/sssd/sssd_$AD_DOMAIN1.log"
+# rlAssertGrep "Trying to find principal host/$HOSTNAME@$AD_SERVER1_REALM in keytab" "/var/log/sssd/sssd_$AD_DOMAIN1.log"
+# rlAssertGrep "Principal matched to the sample (host/$HOSTNAME@$AD_SERVER1_REALM)" "/var/log/sssd/sssd_$AD_DOMAIN1.log"
+#
+# rlRun "getent passwd testuser01-${JOBID}"
+# rlRun "su_success testuser01-${JOBID} Secret123"
+#
+# rlPhaseEnd
+
+ @staticmethod
+ @pytest.mark.tier1
+ def test_0011_ad_parameters_server_resolvable(multihost, adjoin,
+ create_aduser_group):
+ """
+ :title: IDM-SSSD-TC: ad_provider: ad_parameters: Set ad server to
+ resolvable hostname
+ :id: 4493644f-9a03-4c50-9d87-3683d05152a0
+ :setup:
+ 1. Configure, ad_server to resolvable name
+ clear cache and restart sssd.
+ 2. Create an AD user and group.
+ :steps:
+ 1. Run getent passwd for the user and get uid.
+ 2. Run getent group for the group and get gid.
+ 3. Run getent passwd with uid.
+ 4. Run getent passwd with gid.
+ 5. Run su for the user.
+ 6. Search logs for specific messages in sssd domain log.
+ Option ad_domain has value <AD_DOMAIN1>.
+ Option krb5_realm set to <AD_SERVER1_REALM>.
+ :expectedresults:
+ 1. User is found.
+ 2. Group is found.
+ 3. User is found by uid.
+ 4. Group is found by gid.
+ 5. Su passes.
+ 6. The lines are present in the log.
+ :customerscenario: False
+ """
+ ad_domain = multihost.ad[0].domainname
+ hostname_cmd = multihost.client[0].run_command(
+ 'hostname -s',
+ raiseonerr=False
+ )
+ shortname = hostname_cmd.stdout_text.rstrip()
+ adjoin(membersw='adcli')
+ # Create AD user
+ (aduser, adgroup) = create_aduser_group
+ # Configure sssd
+ ad_realm = multihost.ad[0].domainname.upper()
+ multihost.client[0].service_sssd('stop')
+ client = sssdTools(multihost.client[0], multihost.ad[0])
+ dom_section = f'domain/{client.get_domain_section_name()}'
+ sssd_params = {
+ 'debug_level': '9',
+ 'ad_domain': multihost.ad[0].domainname.lower(),
+ 'ad_server': multihost.ad[0].hostname,
+ 'use_fully_qualified_names': 'False',
+ 'cache_credentials': 'True',
+ }
+ client.sssd_conf(dom_section, sssd_params)
+ client.clear_sssd_cache()
+
+ # Search for the user and get its uid
+ usr_cmd = multihost.client[0].run_command(
+ f'getent passwd {aduser} | cut -d: -f3',
+ raiseonerr=False
+ )
+ uid = usr_cmd.stdout_text.rstrip()
+
+ # Search for the group and get its gid
+ grp_cmd = multihost.client[0].run_command(
+ f'getent group {adgroup} | cut -d: -f3',
+ raiseonerr=False
+ )
+ gid = grp_cmd.stdout_text.rstrip()
+ # Search for the user by uid
+ uid_cmd = multihost.client[0].run_command(
+ f'getent passwd {uid}',
+ raiseonerr=False
+ )
+ # Search for the group by gid
+ gid_cmd = multihost.client[0].run_command(
+ f'getent group {gid}',
+ raiseonerr=False
+ )
+ # Run su command
+ su_cmd = multihost.client[0].run_command(
+ f'su - {aduser} -c whoami',
+ raiseonerr=False
+ )
+
+ # Download the sssd domain log
+ log_str = multihost.client[0].get_file_contents(
+ f"/var/log/sssd/sssd_{multihost.ad[0].domainname.lower()}.log"). \
+ decode('utf-8')
+
+ assert f"Option ad_domain has value {multihost.ad[0].domainname.lower()}" in log_str
+ assert f"Option krb5_realm set to {ad_realm}" in log_str
+ assert usr_cmd.returncode == 0, f"User {aduser} was not found!"
+ assert grp_cmd.returncode == 0, f"Group {adgroup} was not found!"
+ assert uid_cmd.returncode == 0, f"User with {uid} was not found!"
+ assert gid_cmd.returncode == 0, f"Group with {gid} was not found!"
+ assert su_cmd.returncode == 0, "The su command failed!"
+
+ @staticmethod
+ @pytest.mark.tier1
+ def test_0012_ad_parameters_server_unresolvable(multihost, adjoin,
+ create_aduser_group):
+ """
+ :title: IDM-SSSD-TC: ad_provider: ad_parameters: Set ad server to
+ unresolvable hostname
+ :id: d3e96e63-5e17-4bc9-b35e-86b80fa3bcec
+ :setup:
+ 1. Configure, ad_server to an unresolvable name
+ clear cache and restart sssd.
+ 2. Create an AD user and group.
+ :steps:
+ 1. Run getent passwd for the user.
+ 2. Search logs for specific message(s) in sssd domain log.
+ Failed to resolve server 'unresolved.<AD_DOMAIN1>'
+ Going offline
+ :expectedresults:
+ 1. User is not found.
+ 2. The line(s) are present in the log.
+ :customerscenario: False
+ """
+ ad_domain = multihost.ad[0].domainname
+ # hostname_cmd = multihost.client[0].run_command(
+ # 'hostname -s',
+ # raiseonerr=False
+ # )
+ # shortname = hostname_cmd.stdout_text.rstrip()
+ adjoin(membersw='adcli')
+ # Create AD user
+ (aduser, adgroup) = create_aduser_group
+ # Configure sssd
+ ad_realm = multihost.ad[0].domainname.upper()
+ multihost.client[0].service_sssd('stop')
+ client = sssdTools(multihost.client[0], multihost.ad[0])
+ dom_section = f'domain/{client.get_domain_section_name()}'
+ sssd_params = {
+ 'debug_level': '9',
+ 'ad_domain': multihost.ad[0].domainname.lower(),
+ 'ad_server': f'unresolved.{multihost.ad[0].domainname.lower()}',
+ 'use_fully_qualified_names': 'False',
+ 'cache_credentials': 'True',
+ }
+ client.sssd_conf(dom_section, sssd_params)
+ client.clear_sssd_cache()
+
+ # Search for the user and get its uid
+ usr_cmd = multihost.client[0].run_command(
+ f'getent passwd {aduser}',
+ raiseonerr=False
+ )
+
+ # Download the sssd domain log
+ log_str = multihost.client[0].get_file_contents(
+ f"/var/log/sssd/sssd_{multihost.ad[0].domainname.lower()}.log"). \
+ decode('utf-8')
+
+ assert f"Failed to resolve server 'unresolved." \
+ f"{multihost.ad[0].domainname.lower()}': " \
+ f"Domain name not found" in log_str
+ assert f"Going offline" in log_str
+ assert usr_cmd.returncode == 2, f"User {aduser} was found!"
+
+ @staticmethod
+ @pytest.mark.tier1
+ def test_0013_ad_parameters_server_srv_record(multihost, adjoin,
+ create_aduser_group):
+ """
+ :title: IDM-SSSD-TC: ad_provider: ad_parameters: Set ad server to
+ blank which defaults to srv record
+ :id: f87672d8-d462-4673-a4d7-6b55a4c05925
+ :setup:
+ 1. Configure, ad_server to _srv_ record
+ clear cache and restart sssd.
+ 2. Create an AD user and group.
+ :steps:
+ 1. Run getent passwd for the user.
+ 2. Run getent group for the group.
+ 3. Run su for the user.
+ 4. Search logs for specific message(s) in sssd domain log.
+ Marking SRV lookup of service 'AD' as 'resolved'
+ :expectedresults:
+ 1. User is found.
+ 2. Group is found.
+ 3. Su passes.
+ 4. The line(s) are present in the log.
+ :customerscenario: False
+ """
+ ad_domain = multihost.ad[0].domainname
+ hostname_cmd = multihost.client[0].run_command(
+ 'hostname -s',
+ raiseonerr=False
+ )
+ shortname = hostname_cmd.stdout_text.rstrip()
+ adjoin(membersw='adcli')
+ # Create AD user
+ (aduser, adgroup) = create_aduser_group
+ # Configure sssd
+ ad_realm = multihost.ad[0].domainname.upper()
+ multihost.client[0].service_sssd('stop')
+ client = sssdTools(multihost.client[0], multihost.ad[0])
+ dom_section = f'domain/{client.get_domain_section_name()}'
+ sssd_params = {
+ 'debug_level': '9',
+ 'ad_domain': multihost.ad[0].domainname.lower(),
+ 'ad_server': '_srv_',
+ 'use_fully_qualified_names': 'False',
+ 'cache_credentials': 'True',
+ }
+ client.sssd_conf(dom_section, sssd_params)
+ client.clear_sssd_cache()
+
+ # Search for the user and get its uid
+ usr_cmd = multihost.client[0].run_command(
+ f'getent passwd {aduser}',
+ raiseonerr=False
+ )
+ uid = usr_cmd.stdout_text.rstrip()
+
+ # Search for the group and get its gid
+ grp_cmd = multihost.client[0].run_command(
+ f'getent group {adgroup}',
+ raiseonerr=False
+ )
+ # Run su command
+ su_cmd = multihost.client[0].run_command(
+ f'su - {aduser} -c whoami',
+ raiseonerr=False
+ )
+
+ # Download the sssd domain log
+ log_str = multihost.client[0].get_file_contents(
+ f"/var/log/sssd/sssd_{multihost.ad[0].domainname.lower()}.log"). \
+ decode('utf-8')
+
+ assert f"Marking SRV lookup of service 'AD' as 'resolved'" in log_str
+ assert usr_cmd.returncode == 0, f"User {aduser} was not found!"
+ assert grp_cmd.returncode == 0, f"Group {adgroup} was not found!"
+ assert su_cmd.returncode == 0, "The su command failed!"
+
+ @staticmethod
+ @pytest.mark.tier1
+ def test_0014_ad_parameters_server_blank(multihost, adjoin,
+ create_aduser_group):
+ """
+ :title: IDM-SSSD-TC: ad_provider: ad_parameters: Set ad server to
+ blank which defaults to srv record
+ :id: b7d7b556-22a6-41d8-93db-6834ef3e9688
+ :setup:
+ 1. Configure, ad_server to blank
+ clear cache and restart sssd.
+ 2. Create an AD user and group.
+ :steps:
+ 1. Run getent passwd for the user.
+ 2. Run getent group for the group.
+ 3. Run su for the user.
+ 4. Search logs for specific message(s) in sssd domain log.
+ No AD server set, will use service discovery
+ :expectedresults:
+ 1. User is found.
+ 2. Group is found.
+ 3. Su passes.
+ 4. The line(s) are present in the log.
+ :customerscenario: False
+ """
+ ad_domain = multihost.ad[0].domainname
+ hostname_cmd = multihost.client[0].run_command(
+ 'hostname -s',
+ raiseonerr=False
+ )
+ shortname = hostname_cmd.stdout_text.rstrip()
+ adjoin(membersw='adcli')
+ # Create AD user
+ (aduser, adgroup) = create_aduser_group
+ # Configure sssd
+ ad_realm = multihost.ad[0].domainname.upper()
+ multihost.client[0].service_sssd('stop')
+ client = sssdTools(multihost.client[0], multihost.ad[0])
+ dom_section = f'domain/{client.get_domain_section_name()}'
+ sssd_params = {
+ 'debug_level': '9',
+ 'ad_domain': multihost.ad[0].domainname.lower(),
+ 'ad_server': '',
+ 'use_fully_qualified_names': 'False',
+ 'cache_credentials': 'True',
+ }
+ client.sssd_conf(dom_section, sssd_params)
+ client.clear_sssd_cache()
+
+ # Search for the user and get its uid
+ usr_cmd = multihost.client[0].run_command(
+ f'getent passwd {aduser}',
+ raiseonerr=False
+ )
+ uid = usr_cmd.stdout_text.rstrip()
+
+ # Search for the group and get its gid
+ grp_cmd = multihost.client[0].run_command(
+ f'getent group {adgroup}',
+ raiseonerr=False
+ )
+ # Run su command
+ su_cmd = multihost.client[0].run_command(
+ f'su - {aduser} -c whoami',
+ raiseonerr=False
+ )
+
+ # Download the sssd domain log
+ log_str = multihost.client[0].get_file_contents(
+ f"/var/log/sssd/sssd_{multihost.ad[0].domainname.lower()}.log"). \
+ decode('utf-8')
+
+ assert f"No AD server set, will use service discovery" in log_str
+ assert usr_cmd.returncode == 0, f"User {aduser} was not found!"
+ assert grp_cmd.returncode == 0, f"Group {adgroup} was not found!"
+ assert su_cmd.returncode == 0, "The su command failed!"
+
+# rlPhaseStartTest "Set ad server to blank which defaults to srv record"
+# sed -i 's/ad_server=_srv_/ad_server=/' /etc/sssd/sssd.conf
+#
+# sssd_clear_logs
+# sssd_restart_clean
+#
+# rlRun "getent passwd testuser01-${JOBID}"
+# rlRun "getent group testgroup01-${JOBID}"
+# rlRun "su_success testuser01-${JOBID} Secret123"
+# rlAssertGrep "No AD server set, will use service discovery" "/var/log/sssd/sssd_$AD_DOMAIN1.log"
+# rlPhaseEnd
\ No newline at end of file
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
