KDC doesn't seem to have any problems with LDAPv3 style DNs, but I kept the option to disable DN normalization for now.
I also had to add a new dollar variable for LDIF files: $ESCAPED_SUFFIX. We need it to create entries that contain the DN of another entry in their own, like the account activated/inactivated CoS entries.
what I tested:- playing around with password policies and CoS entries using both pwpolicy and pwpolicy2
- changing user passwords to see if the policies apply - re-installing IPA to see if the activated/inactived CoS entries where OK - user-lock/user-unlockThe patch depends on the pwpolicy2 plugin. Well, it doesn't depend on it, but won't apply without. I didn't realize before committing and couldn't get it back by re-basing, so...
_______________________________________________ Freeipa-devel mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-devel