Draft Test Cases for Fedora Server Final Criteria

Stephen Gallagher sgallagh at redhat.com
Tue Nov 4 21:58:04 UTC 2014


So, at today's Server WG meeting, I was asked to come up with a
high-level draft of some additional requirements to validate for Final
criteria. Most of these probably should be Beta criteria in F22, but we
didn't have them as such this time around. I'll differentiate them as
such below. It should be understood that Final validation is a superset
of Beta validation, so anything we add in that category applies to both.

== Beta Criteria ==

=== Domain Controller ===
* The Domain Controller must be capable of serving LDAP requests on port
389. This should be validated by the use of the ldapsearch tool.

* The Domain Controller must be capable of serving TLS-encrypted LDAP
requests on port 389. This should be validated by the use of the
ldapsearch tool.

* The Domain Controller must be capable of serving LDAPS (LDAP encrypted
with SSL) over port 636. This should be validated by the use of the
ldapsearch tool.

* The Domain Controller must be capable of returning LDAP and LDAPS
search results using simple auth (the -x option to ldapsearch) or
SASL/GSSAPI auth (the -Y GSSAPI option). This should be validated by the
use of the ldapsearch tool.

* The Domain Controller must be capable of serving DNS host records on
port 53. This should be validated by the use of the 'dig' tool.

=== FreeIPA Domain Client ===
* Enrolled clients must be capable of authenticating against a valid
user account using SSSD.
* Enrolled clients must honor FreeIPA HBAC rules for access-control.
* Enrolled clients must be able to change their passwords according to
the password policy specified by the FreeIPA server
* Users must be capable of performing password-less single-sign-on
between two enrolled clients using GSSAPI.



== Final Criteria ==

=== Domain Controller ===
* The Domain Controller must be capable of serving DNS SRV records for
ldap and kerberos on port 53. This is used for auto-discovery.

=== FreeIPA Domain Client ===
* When configured to use the Domain Controller for DNS services, the
domain client must be able to use DNS to discover the Domain Controller
address using SRV records.

* When configured to use FreeIPA for host-key validation, initial SSH
between domain clients should not prompt the user to accept the SSH
public key.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part
URL: <http://lists.fedoraproject.org/pipermail/server/attachments/20141104/c3677c4d/attachment.sig>


More information about the server mailing list