Document Version | Description | Date |
v0.1 | Test Plan before team review |
Summary
This document describes the test plan to test the functionality of the LDAP Group Sync to Roles feature for Mattermost v5.20.
...
When images exist in parallel to assist with the test case, they are placed right below the corresponding test cases.
Scope
This document outlines the tests for LDAP Group Sync to Roles - UI and Functionality features including system console and chat facing changes.
Glossary
Main menu
Hamburger menu on the LHS.
Channel menu
Dropdown menu which is displayed when we click on the Channel Name
Team Admin
A user who has a team administrator privileges of a team but with non-system administrator privileges.
Channel Admin
A user who has a channel administrator privileges of a channel but with non-system administrator (or) non-team admin privileges.
LDAP Group Sync Job
This is an option provided in the System Console > AD/LDAP page.
Test Server
A list of test server versions used in testing including Mattermost server and Marketplace Server
Assumptions
The tests in this test plans are written with the assumption that:
Testing done on System Console pages is done as a System Administrator, unless otherwise specified by the test case.
Testing is primarily done on the webapp and desktop app, with spot checks on RN mobile app or mobile web browser app to ensure the feature is not present.
Setup
The following setup will be necessary in order to begin testing:
...
Go to the main menu
Go to “About Mattermost”
Mattermost version appears on the About modal
Test Cases
System Console > Manage Teams
System Console > Team Configuration - UI
...
Setup | Results |
Tester: Rohitesh Gupta (Deactivated) Test Server: Build Hash: Date: | Pass |
System Console > Manage Channels
System Console > Channel Configuration - UI
...
Setup | Results |
Tester: Rohitesh Gupta (Deactivated) Test Server: Build Hash: Date: | Pass |
System Console > Manage Groups
System Console > Group Configuration - UI
...
Setup | Results |
Tester: Rohitesh Gupta (Deactivated) Test Server: Build Hash: Date: | Pass |
Chat Facing > Teams > Manage Groups
Promote Group Role to Team Admins
...
Setup | Results |
Tester: Rohitesh Gupta (Deactivated) Test Server: Build Hash: Date: | Pass |
Chat Facing > Channels > Manage Groups
Promote Group Role to Channel Admins
...
For a Group Synced Channel, login as a user User1 who has Channel Admin permissions.
For the same group synced channel, on a different browser, login as a user User2 who has Channel Admin permissions.
As User1, Click on Channel dropdown and select Manage Groups from Channel menu and then set the role to Channel Members for a Group which User2 belongs to.
User2 should immediately be updated to Channel Member role and should not be able to perform Channel Admin tasks like view and modify Manage Groups etc.
Run LDAP Group Sync job again and check if user User2 still has Channel Member permission for that Team.
User2 should be updated to a Channel Member role and should not be able to perform any Channel Admin Tasks
Setup | Results |
Tester: Rohitesh Gupta (Deactivated) Test Server: Build Hash: Date: | Pass |
Mapping to Server Scoped Role - System Admin Filter
LDAP Admin Filter
Ensure LDAP setup is done correctly on an instance
Navigate to System Console > AD/LDAP and set Admin Filter to "(givenName=barrett)" and set Enable Admin Attribute to true.
Login as a LDAP user who has this attribute "givenName=barrett" configured in the AD/LDAP Server.
Check if the user is logged in as System Admin User and has access to System Console
User should be logged in as System Admin User. User should be able to access System Console without any errors
Setup | Results |
Tester: Rohitesh Gupta (Deactivated) Test Server: Build Hash: Date: | Pass |
Disable LDAP Admin Filter
Ensure LDAP setup is done correctly on an instance
Navigate to System Console > AD/LDAP and set Admin Filter to "(givenName=barrett)"
Login as a LDAP user who has this attribute "(givenName=barrett)" configured in the AD/LDAP Server
Now login as sysadmin and set Enable Admin Attribute to false and check
Existing LDAP System Admin users should not be demoted to members. Any new LDAP user who tries to login with "givenName=barrett" will no longer be considered a System Admin user and instead should be considered a regular member
Setup | Results |
Tester: Rohitesh Gupta (Deactivated) Test Server: Build Hash: Date: | Pass |
Change LDAP Admin Filter
Ensure LDAP setup is done correctly on an instance
Navigate to System Console > AD/LDAP and set Admin Attribute to "(givenName=test)"
Now on a new browser login with a user who has "(givenName=barrett)". User would be logged in as Member.
Navigate to System Console > AD/LDAP and set Admin Attribute to "(givenName=barrett)"
Revoke session of all users and ensure the user in step 3 logs in again.
Next time the user logs in, the user should be converted to a System Admin user.
Setup | Results |
Tester: Rohitesh Gupta (Deactivated) Test Server: Build Hash: Date: | Pass |
LDAP Admin Filter & Guest Attribute
Ensure LDAP setup is done correctly on an instance
Ensure Guest Access is enabled in System Console > Guest Access.
Navigate to System Console > AD/LDAP and set Admin Filter to "(givenName=barrett)" and set Guest Attribute to "(sn=Butler)" .
Now on a new browser login with a user who has both sn=Butler and givenName=barrett.
User should be logged in as a System Guest user and should not have System Admin privileges.
Setup | Results |
Tester: Rohitesh Gupta (Deactivated) Test Server: Build Hash: Date: | Pass |
SAML Admin Attribute
Ensure SAML setup is done correctly on an instance
Navigate to System Console > SAML 2.0 and set Admin Attribute to "isAdmin=true" and set Enable Admin Attribute to true.
Login as a SAML user who has this attribute "isAdmin=true" configured in the SAML Server.
Check if the user is logged in as System Admin User and has access to System Console
User should be logged in as System Admin User. User should be able to access System Console without any errors
Setup | Results |
Tester: Rohitesh Gupta (Deactivated) Test Server: Build Hash: Date: | Pass |
Disable SAML Admin Attribute
Ensure SAML setup is done correctly on an instance
Navigate to System Console > SAML 2.0 and set Admin Attribute to "isAdmin=true"
Login as a SAML user who has this attribute "isAdmin=true" configured in the SAML Server
Now login as sysadmin and set Enable Admin Attribute to false and check
Existing SAML System Admin users should not be demoted to members. Any new SAML user who tries to login with isAdmin=true will no longer be considered a System Admin user and instead should be considered a regular member
Setup | Results |
Tester: Rohitesh Gupta (Deactivated) Test Server: Build Hash: Date: | Pass |
Change SAML Admin Attribute
Ensure SAML setup is done correctly on an instance
Navigate to System Console > SAML and set Admin Attribute to "isAdmin=TEST".
Now on a new browser login with a user who has isAdmin=true. User would be logged in as Member.
Navigate to System Console > SAML and set Admin Attribute to "isAdmin=TRUE".
Revoke session of all users and ensure the user in step 3 logs in again.
Next time the user logs in, the user should be converted to a System Admin user.
Setup | Results |
Tester: Rohitesh Gupta (Deactivated) Test Server: Build Hash: Date: | Pass |
SAML Admin Attribute & Guest Attribute
Ensure SAML setup is done correctly on an instance
Ensure Guest Access is enabled in System Console > Guest Access.
Navigate to System Console > SAML and set Admin Attribute to "isAdmin=TRUE" and set Guest Attribute to "isGuest=TRUE".
Now on a new browser login with a user who has both isGuest=true and isAdmin=true.
User should be logged in as a System Guest user and should not have System Admin previliges.
Setup | Results |
Tester: Rohitesh Gupta (Deactivated) Test Server: Build Hash: Date: | Pass |
...