Pavel Zuna wrote:
On 03/26/2010 04:56 PM, Rob Crittenden wrote:
Pavel Zuna wrote:
This patch effectively removes all LDAPv2 style quoted DNs and makes
sure we don't use them anymore.
KDC doesn't seem to have any problems with LDAPv3 style DNs, but I
kept the option to disable DN normalization for now.
I also had to add a new dollar variable for LDIF files:
$ESCAPED_SUFFIX. We need it to create entries that contain the DN of
another entry in their own, like the account activated/inactivated CoS
entries.
what I tested:
- playing around with password policies and CoS entries using both
pwpolicy and pwpolicy2
- changing user passwords to see if the policies apply
- re-installing IPA to see if the activated/inactived CoS entries
where OK
- user-lock/user-unlock
The patch depends on the pwpolicy2 plugin. Well, it doesn't depend on
it, but won't apply without. I didn't realize before committing and
couldn't get it back by re-basing, so...
Pavel
replication also uses v2-style escaping. This code looks ok for what it
touches but it isn't complete.
Maybe I'm wrong, but it seems that the cn="SUFFIX",cn=mapping
tree,cn=config entry is created automatically by DS and there's no much
we can do about it. We could delete the entry and create a new one, but
I suspect replication won't like it.
Yes, looks like you're right.
Rich, any thoughts on this?
rob
_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel
