test: enumeration with # in the group name

Reviewed-by: Alejandro López <[email protected]>
Reviewed-by: Dan Lavu <[email protected]>

Author: thalman

src/tests/system/tests/test_ldap.py

@@ -593,3 +593,41 @@ def test_ldap__limit_search_base_group(client: Client, provider: LDAP):
     assert (
         "(h2,ou2_usr1,ldap.test)" not in result.members
     ), "'ou1_grp2' members did not match the expected ones when search base is limited."
+
+
+@pytest.mark.importance("low")
+@pytest.mark.topology(KnownTopology.LDAP)
+def test_ldap__enumeration_and_group_with_hash_in_name(client: Client, ldap: LDAP):
+    """
+    :title: getent shows groups with '#' in the name
+    :setup:
+        1. Create group with # in the name
+        2. Create group without # in the name
+        3. Enable enumeration
+    :steps:
+        1. Wait for enumeration to complete
+        2. check output of `getent group -s sss`
+    :expectedresults:
+        1. Enumeration task finishes
+        2. Both groups are in the `getent` output
+    :customerscenario: False
+    """
+    group1 = ldap.group("my#group").add()
+    group2 = ldap.group("my_group").add()
+    client.sssd.clear(db=True, memcache=True, logs=True)
+    client.sssd.domain["enumerate"] = "True"
+    client.sssd.domain["ldap_enumeration_refresh_offset"] = "1"
+    client.sssd.restart()
+
+    timeout = time.time() + 60
+    logfile = "/var/log/sssd/sssd_test.log"
+    while True:
+        log = client.fs.read(logfile)
+        if "[enum_groups_done]" in log:
+            break
+        assert timeout > time.time(), "Timeout while waiting for enumeration to finish"
+        time.sleep(1)
+    result = client.host.conn.exec(["getent", "group", "-s", "sss"])
+
+    assert group1.name in result.stdout, f"{group1.name} is not in getent output"
+    assert group2.name in result.stdout, f"{group2.name} is not in getent output"