From 301e5b3899a1a25af9c6a0d34728f2576992fc9b Mon Sep 17 00:00:00 2001 From: Madhuri Upadhye Date: Thu, 8 Jun 2023 12:15:38 +0530 Subject: [PATCH] Tests: When adding attributes ldap_user_extra_attrs with mail value in sssd.conf the cross-forest query stop working MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When adding attributes ldap_user_extra_attrs with mail value in sssd.conf the cross-forest query stop working Automation of BZ2170720 Verifies: #6759 Signed-off-by: Madhuri Upadhye Reviewed-by: Alejandro López Reviewed-by: Jakub Vávra (cherry picked from commit 57499ff6571a8ca3d8bf2b7d19ec6b14100504c0)
---
src/tests/multihost/ipa/test_adtrust.py | 47 +++++++++++++++++++++++++
1 file changed, 47 insertions(+)
diff --git a/src/tests/multihost/ipa/test_adtrust.py b/src/tests/multihost/ipa/test_adtrust.py
index 5350aff73f4..36791aed88c 100644
--- a/src/tests/multihost/ipa/test_adtrust.py
+++ b/src/tests/multihost/ipa/test_adtrust.py
@@ -809,3 +809,50 @@ def test_search_filter_for_override_usrgrp(multihost, create_aduser_group):
 assert f"borci{run_id_int}@{domain}" in check_gr_lookup.stdout_text, "Group name was not resolved."
 assert f"ferko{run_id_int}@{domain}" in check_gr_lookup.stdout_text, "Group name was not resolved."
 assert log_message in log_file
+
+ @staticmethod
+ def test_ldap_user_extra_attrs(multihost, create_aduser_group):
+ """
+ :title: When adding attributes ldap_user_extra_attrs with mail value in sssd.conf
+ the cross-forest query stop working
+ :id: abc60b52-224d-4ac3-bbae-195cb0c563a0
+ :customerscenario: true
+ :bugzilla:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2170720
+ :description: When adding attributes ldap_user_extra_attrs in sssd.conf
+ with the cross-forest, id command failed on client side.
+ working.
+ :setup:
+ 1. Create user and group on AD.
+ :steps:
+ 1. Add ldap_user_extra_attrs in domain section with mail in client and master.
+ 2. Add user_attributes in nss section with mail in client and master.
+ 3. Clear sssd cache from client and master.
+ 4. Check id lookup of the user.
+ :expectedresults:
+ 1. Successfully add parameter in domain section of client and master.
+ 2. Successfully add user_attributes in nss section of client and master.
+ 3. Cleared the cache of client and master.
+ 4. User lookup command succeeds.
+ """
+ client = sssdTools(multihost.client[0], multihost.ad[0])
+ master = sssdTools(multihost.master[0])
+ domain = multihost.ad[0].domainname
+
+ (aduser, adgroup) = create_aduser_group
+ section = client.get_domain_section_name()
+
+ for role in [client, master]:
+ domain_params = {'ldap_user_extra_attrs': f'mail, lastname:sn, firstname:givenname'}
+ nss_params = {'user_attributes': '+mail, +firstname, +lastname'}
+ role.sssd_conf(f'domain/{section}', domain_params)
+ role.sssd_conf('nss', nss_params)
+ role.clear_sssd_cache()
+
+ # Test evaluation
+ id_lookup = f'id {aduser}@{domain}'
+ check_id = multihost.client[0].run_command(id_lookup, raiseonerr=False)
+
+ assert check_id.returncode == 0, f'{aduser} id is not successful'
+ assert f"{aduser}@{domain}" in check_id.stdout_text, "User name was not resolved."
+ assert f"{adgroup}@{domain}" in check_id.stdout_text, "Group name was not resolved."
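Review bot: The loop over `[client, master]` rewrites `sssd.conf` on both the client and the IPA master, and nothing in this test restores it. Unless a fixture outside this hunk backs up and restores the file, `ldap_user_extra_attrs` and `user_attributes` stay set for every later test in the class (the class header is outside the hunk). Restoring the original configuration in a `finally` block or a teardown fixture would keep this regression check isolated from the others. Minor: the `f` prefix on `f'mail, lastname:sn, firstname:givenname'` has no placeholders, and both dicts are loop-invariant, so they can be built once before the loop as `domain_params = {'ldap_user_extra_attrs': 'mail, lastname:sn, firstname:givenname'}`.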