Skip to content

QA:Testcase Identity Management

Release relevance

This Testcase applies the following versions of Rocky Linux: 8, 9

Associated release criterion

This test case is associated with the Release_Criteria#packages-and-module-installation release criterion. If you are doing release validation testing, a failure of this test case may be a breach of that release criterion.


Setting up a IdM system (FreeIPA) and using it's functionality leverages not also a lot of the packages in the official repos, it also tests quite a lot of used functions a corporate environment. This installatation will host it's own dns server for more generic testing without relying on the individual infrastructure of the environment.


  • A freshly provisioned system (no other functions are allowed on this system except running the IdM services)
  • IPv4 network with unmanaged domain name (installer will check for dns servers) and unmanaged reverse dns network (in my case here and
  • In the case of this writeup the external dns server has the domain, this has to have a entry for (this could also be replaced by a entry in the /etc/hosts file if no external dns server should be involved)


  1. dnf module enable idm:DL1
  2. dnf module install idm:DL1/dns
  3. ipa-server-install

    • Do you want to configure integrated DNS (BIND)? [no]: yes
    • Server host name []:
    • Please confirm the domain name []:
    • Please provide a realm name [IPA1.NETWORK]: IPA1.NETWORK
    • Directory Manager password: <password> Password (confirm): <password>
    • IPA admin password: <other-password> Password (confirm): <other-password>
    • Please provide the IP address to be used for this host name:
    • Enter an additional IP address, or press Enter to skip: leave empty
    • Do you want to configure DNS forwarders? [yes]: yes
    • Do you want to configure these servers as DNS forwarders? [yes]: yes
    • Enter an IP address for a DNS forwarder, or press Enter to skip: leave empty
    • Do you want to search for missing reverse zones? [yes]: yes
    • NetBIOS domain name [IPA1]: IPA1
    • Do you want to configure chrony with NTP server or pool address? [no]: yes
    • Enter NTP source server addresses separated by comma, or press Enter to skip: leave empty
    • Enter a NTP source pool address, or press Enter to skip:
    • Continue to configure the system with these values? [no]: yes
  4. firewall-cmd --add-service={freeipa-4,dns} --permanent

  5. firewall-cmd --add-service={freeipa-4,dns}

How to test

  1. Make sure Kerberos works, by running kinit admin and klist
  2. Make sure the webfrontend is reachable and login works
  3. Furthermore you can also attach another system (DNS + connecting via SSSD)

Expected Results

After installation all services should be available and work correctly.

Additional Information

If you have questions with respect to this content or to report concerns regarding the use or misuse content please do not hesitate to contact us at

Rocky Linux and the Rocky Enterprise Software Foundation (RESF) does not make any express or implied warranties, including but not limited to the warranties of non-infringement of any third party intellectual property rights. RESF does not warrant that any pending trademark applications for trademarks of RESF will result in any granted trademark protection. RESF shall not be liable for any claims relating to user's activities falling within the scope of the permission and user hereby agrees to indemnify, defend and hold RESF and its contributors harmless against any such claim.

This work is heavily inspired by the Fedora Quality Assurance documents which were made available under Attribution-Share Alike 4.0 International license unless otherwise noted.

This content is licensed under under Attribution-Share Alike 4.0 International license unless otherwise noted.