From Fedora Project Wiki

Associated release criterion
This test case is associated with the Basic_Release_Criteria#freeipa-server-requirements release criterion. If you are doing release validation testing, a failure of this test case may be a breach of that release criterion. If so, please file a bug and nominate it as blocking the appropriate milestone, using the blocker bug nomination page.


Description

Test basic functionality of FreeIPA web interface.

Setup

  1. Deploy a correctly-configured FreeIPA domain controller. You can follow:
    QA:Testcase_Server_role_deploy with the Domain Controller role to deploy a FreeIPA domain controller on Fedora 28 or earlier
    QA:Testcase_freeipa_trust_server_installation to deploy a FreeIPA domain controller on Fedora 29 or later
  2. Enrol a test system in the domain. There are various ways to do this. You will find several test cases you can follow in the Server release validation test cases, FreeIPA test cases, and Realmd test cases
  3. Ensure the client uses the FreeIPA server as its DNS server, or else that the client's DNS server can correctly resolve the FreeIPA server's hostname

How to test

  1. From the client, open a web browser and go to the URL https://(server_hostname), e.g. https://ipa.example.com
  2. Log in to the web UI using the admin account (or another account with admin privileges)
  3. In the web UI, create two new users with sensible login ids (e.g. test1 and test2)
  4. From the Policy section, create a rule allowing one of the users to log in to the test client, and ensure any wildcard rules like 'allow_all' are disabled
  5. Attempt to log in to the client system with both test user accounts (remember to specify the domain as part of the user name if necessary, e.g. 'test1@example.com')

Expected Results

  1. You should be able to access and log into the web UI
  2. You should be able to create user accounts and configure access permissions from the web UI
  3. The access permissions you configure should be respected on the client: the account you allowed to log in should be able to log in, and the account you did not allow to log in should be refused
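
A server-side cross-check for step 4 and expected result 3, as an added example that is not part of the Fedora test case: it asks `ipa hbactest` how the HBAC rules evaluate for each test user and confirms that `allow_all` is disabled. It assumes an admin Kerberos ticket (`kinit admin`), the `ipa` CLI on the host, and that the CLI prints the `Access granted:` and `Enabled:` lines matched below; it complements the client login in step 5 and does not replace it.

```shell
#!/bin/sh
# Added example, not part of the Fedora test case. Run on an enrolled host
# after `kinit admin`. User, host and service names are supplied by the caller.
# Assumption: the ipa CLI reports "Access granted: ..." and "Enabled: ...".

# hbac_allowed USER HOST [SERVICE]
# 0 = access granted, 1 = access denied, 2 = could not evaluate.
hbac_allowed() {
    out=$(ipa hbactest --user="$1" --host="$2" --service="${3:-sshd}" 2>&1) || true
    case $out in
        *"Access granted: "[Tt][Rr][Uu][Ee]*)     return 0 ;;
        *"Access granted: "[Ff][Aa][Ll][Ss][Ee]*) return 1 ;;
        *) printf '%s\n' "$out" >&2; return 2 ;;
    esac
}

# rule_disabled RULE
# 0 = rule exists and is disabled, 1 = enabled, 2 = could not read the rule.
rule_disabled() {
    out=$(ipa hbacrule-show "$1" 2>&1) || true
    case $out in
        *"Enabled: "[Ff][Aa][Ll][Ss][Ee]*) return 0 ;;
        *"Enabled: "[Tt][Rr][Uu][Ee]*)     return 1 ;;
        *) printf '%s\n' "$out" >&2; return 2 ;;
    esac
}

# check_expected ALLOWED_USER DENIED_USER HOST
# 0 only if allow_all is off, ALLOWED_USER is granted and DENIED_USER is denied.
check_expected() {
    rule_disabled allow_all || { echo "FAIL: allow_all is not disabled"; return 1; }
    hbac_allowed "$1" "$3"  || { echo "FAIL: $1 is not granted on $3"; return 1; }
    rc=0
    hbac_allowed "$2" "$3" || rc=$?
    [ "$rc" -eq 1 ]         || { echo "FAIL: $2 is not denied on $3"; return 1; }
    echo "PASS: HBAC policy matches the expected results"
}
```

Call it as `check_expected test1 test2 client.example.com`, where `client.example.com` is a placeholder for the enrolled client's hostname. A FAIL here with a correct-looking rule in the web UI points at the policy itself rather than at the client's SSSD configuration.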