diff options
| author | Simo Sorce <simo@redhat.com> | 2014-01-14 10:18:43 -0500 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2014-01-16 09:00:35 +0100 |
| commit | 088fbad35323146429df4a79a976022753c3b28f (patch) | |
| tree | 842a7ad385493ae54565430998f7029a6d777c06 /ipalib/plugins | |
| parent | d0ed25c8cbff54528133f6b78133ee8307b3faff (diff) | |
| download | freeipa-088fbad35323146429df4a79a976022753c3b28f.tar.gz freeipa-088fbad35323146429df4a79a976022753c3b28f.tar.xz freeipa-088fbad35323146429df4a79a976022753c3b28f.zip | |
Stop adding a default password policy reference
Both the password plugin and the kdb driver code automatically fall
back to the default password policy.
so stop adding an explicit reference to user objects and instead rely on the
fallback.
This way users created via the framework and users created via winsync plugin
behave the same way wrt password policies and no surprises will happen.
Also in case we need to change the default password policy DN this will allow
just code changes instead of having to change each user entry created, and
distinguish between the default policy and explicit admin changes.
Related: https://fedorahosted.org/freeipa/ticket/4085
Diffstat (limited to 'ipalib/plugins')
| -rw-r--r-- | ipalib/plugins/user.py | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index 3c8353ffa..6cdaae334 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -529,9 +529,6 @@ class user_add(LDAPCreate): homes_root = config.get('ipahomesrootdir', ['/home'])[0] # build user's home directory based on his uid entry_attrs['homedirectory'] = posixpath.join(homes_root, keys[-1]) - entry_attrs.setdefault('krbpwdpolicyreference', - DN(('cn', 'global_policy'), ('cn', api.env.realm), ('cn', 'kerberos'), - api.env.basedn)) entry_attrs.setdefault('krbprincipalname', '%s@%s' % (entry_attrs['uid'], api.env.realm)) if entry_attrs.get('gidnumber') is None: |