This patch effectively removes all LDAPv2 style quoted DNs and makes sure we don't use them anymore.

KDC doesn't seem to have any problems with LDAPv3 style DNs, but I kept the option to disable DN normalization for now.

I also had to add a new dollar variable for LDIF files: $ESCAPED_SUFFIX. We need it to create entries that contain the DN of another entry in their own, like the account activated/inactivated CoS entries.

what I tested:
- playing around with password policies and CoS entries using both pwpolicy and pwpolicy2
- changing user passwords to see if the policies apply
- re-installing IPA to see if the activated/inactived CoS entries where OK
- user-lock/user-unlock

The patch depends on the pwpolicy2 plugin. Well, it doesn't depend on it, but won't apply without. I didn't realize before committing and couldn't get it back by re-basing, so...


Attachment: 0001-Use-escapes-in-DNs-instead-of-quoting.patch
Description: application/mbox

Freeipa-devel mailing list

Reply via email to