This patch effectively removes all LDAPv2 style quoted DNs and makes sure we don't use them anymore.

KDC doesn't seem to have any problems with LDAPv3 style DNs, but I kept the option to disable DN normalization for now.

I also had to add a new dollar variable for LDIF files: $ESCAPED_SUFFIX. We need it to create entries that contain the DN of another entry in their own, like the account activated/inactivated CoS entries.

What I tested:
- playing around with password policies and CoS entries using both pwpolicy and pwpolicy2
- changing user passwords to see if the policies apply
- re-installing IPA to see if the activated/inactivated CoS entries were OK
- user-lock/user-unlock

The patch depends on the pwpolicy2 plugin. Well, it doesn't depend on it, but won't apply without. I didn't realize before committing and couldn't get it back by re-basing, so...

Pavel

Attachment: 0001-Use-escapes-in-DNs-instead-of-quoting.patch
Description: application/mbox
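The difference between LDAPv2 quoting and LDAPv3 escaping described in the message, as an added example that is not code from the patch or from FreeIPA. The helper names, the sample DNs and the use of `string.Template` for the `$SUFFIX` / `$ESCAPED_SUFFIX` variables are assumptions made for illustration.

```python
import re
from string import Template

# RFC 4514: these must be backslash-escaped in a value ("=" is optional but allowed).
_ESCAPE = re.compile(r'([\\",+;<>=])')
# Either an existing escape pair (left untouched) or an LDAPv2 quoted string.
_QUOTED = re.compile(r'\\.|"((?:[^"\\]|\\.)*)"', re.S)


def escape_value(value):
    """Escape a raw attribute value for use inside an LDAPv3 DN string."""
    out = _ESCAPE.sub(r'\\\1', value).replace('\x00', r'\00')
    if out.endswith(' '):                 # a trailing space must be escaped
        out = out[:-1] + '\\ '
    if out[:1] in (' ', '#'):             # so must a leading space or '#'
        out = '\\' + out
    return out


def dequote_dn(dn):
    """Rewrite LDAPv2 quoted values ("a,b") in a DN as LDAPv3 escapes (a\\,b)."""
    def repl(match):
        if match.group(1) is None:        # already an escape pair such as \,
            return match.group(0)
        raw = re.sub(r'\\(.)', r'\1', match.group(1), flags=re.S)  # undo \" and \\
        return escape_value(raw)
    return _QUOTED.sub(repl, dn)


def render(template, suffix):
    """Fill an LDIF DN template; ESCAPED_SUFFIX is the suffix escaped as a value."""
    return Template(template).substitute(
        SUFFIX=suffix, ESCAPED_SUFFIX=escape_value(suffix))


# Constructed sample data (not taken from the patch).
SUFFIX = 'dc=example,dc=com'
OLD_DN = 'cn="cn=activated,cn=accounts,dc=example,dc=com",cn=cosTemplates,dc=example,dc=com'
TEMPLATE = r'cn=cn\=activated\,cn\=accounts\,$ESCAPED_SUFFIX,cn=cosTemplates,$SUFFIX'
# Using plain $SUFFIX inside the RDN value leaves its commas as RDN separators.
NAIVE = r'cn=cn\=activated\,cn\=accounts\,$SUFFIX,cn=cosTemplates,$SUFFIX'

if __name__ == '__main__':
    print(dequote_dn(OLD_DN))
    print(render(TEMPLATE, SUFFIX))
    print(render(NAIVE, SUFFIX))
```

The first two lines printed are identical; the third names a different entry, because the unescaped suffix inside the first RDN value is parsed as additional RDNs.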
