Create ipa-otp-counter 389DS plugin

This plugin ensures that all counter/watermark operations are atomic
and never decrement. Also, deletion is not permitted.

Because this plugin also ensures internal operations behave properly,
this also gives ipa-pwd-extop the appropriate behavior for OTP
authentication.

https://fedorahosted.org/freeipa/ticket/4493
https://fedorahosted.org/freeipa/ticket/4494

Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
Reviewed-By: Martin Kosek <mkosek@redhat.com>

1 files changed, 15 insertions, 0 deletions

diff --git a/install/updates/40-otp.update b/install/updates/40-otp.update
index caa21c380..92d6f6254 100644
--- a/install/updates/40-otp.update
+++ b/install/updates/40-otp.update
@@ -20,3 +20,18 @@ dn: cn=radiusproxy,$SUFFIX
 default: objectClass: nsContainer
 default: objectClass: top
 default: cn: radiusproxy
+
+dn: cn=IPA OTP Counter,cn=plugins,cn=config
+default:objectclass: top
+default:objectclass: nsSlapdPlugin
+default:objectclass: extensibleObject
+default:cn: IPA OTP Counter
+default:nsslapd-pluginpath: libipa_otp_counter
+default:nsslapd-plugininitfunc: ipa_otp_counter_init
+default:nsslapd-plugintype: preoperation
+default:nsslapd-pluginenabled: on
+default:nsslapd-pluginid: ipa-otp-counter
+default:nsslapd-pluginversion: 1.0
+default:nsslapd-pluginvendor: Red Hat, Inc.
+default:nsslapd-plugindescription: IPA OTP Counter plugin
+default:nsslapd-plugin-depends-on-type: database