On 15.06.2016 17:19, thierry bordaz wrote:
Hello,

This patch is for https://fedorahosted.org/freeipa/ticket/5955
Please put this link to commit message

This is the last patch related "IdM user password change support for legacy client compat tree"

  * It requires DS > 1.3.5.5 (https://fedorahosted.org/389/ticket/48880)

Please bump version in freeipa.spec.in and put DS srpms to @freeipa/freeipa-master if new DS is not at least in updates testing


 *



  * PATCH 0020 https://fedorahosted.org/freeipa/ticket/5946 ipapwd
    (review by Alexander)
  * this PATCH 0021

This patch is not the final one because I had to locally define SLAPI_PLUGIN_PRE_EXTOP_FN in order to build on copr.
The define SLAPI_PLUGIN_PRE_EXTOP_FN comes with DS > 1.3.5.5

A test case is:

    create a user 'tb1'

    # step 1 verify that there is no passwd/krbkeys
    ldapsearch -LLL -D "cn=directory manager" -w xxx -b
    "uid=tb1,cn=users,cn=accounts,SUFFIX" userPassword krbPrincipalKey


    # step 2 verify that tb1 has a password/krbkeys
    ldappasswd -D "cn=directory manager" -w xxx
    "uid=tb1,cn=users,cn=*accounts*,SUFFIX" -s yyy
    ldapsearch -LLL -D "cn=directory manager" -w xxx -b
    "uid=tb1,cn=users,cn=accounts,SUFFIX" userPassword krbPrincipalKey

    # step 3 verify that tb1 has different passwd/krbkeys than in step 2
    ldappasswd -D "cn=directory manager" -w xxx
    "uid=tb1,cn=users,cn=*accounts*,SUFFIX" -s yyy
    ldapsearch -LLL -D "cn=directory manager" -w xxx -b
    "uid=tb1,cn=users,cn=accounts,SUFFIX" userPassword krbPrincipalKey


    # step 4 verify that tb1 has different passwd/krbkeys than in step 3
    ldappasswd -D "cn=directory manager" -w xxx
    "uid=tb1,cn=users,cn=*compat*,SUFFIX" -s yyy
    ldapsearch -LLL -D "cn=directory manager" -w xxx -b
    "uid=tb1,cn=users,cn=accounts,SUFFIX" userPassword krbPrincipalKey

    # step 5 verify that tb1 has different passwd/krbkeys than in step 4
    ldappasswd -D "cn=directory manager" -w xxx
    "uid=tb1,cn=users,cn=*compat*,SUFFIX" -s yyy
    ldapsearch -LLL -D "cn=directory manager" -w xxx -b
    "uid=tb1,cn=users,cn=accounts,SUFFIX" userPassword krbPrincipalKey

Please put these steps to reproduce into ticket, we will need this for QA.

thanks
thierry



Thank you,
Martin^2
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to