| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
We were not searching for objectclass so the test to se if a user had the
posixAccount attribute was failing and the user was not marked as ipa_user.
This in turn caused us to not synchronize legacy hashes by not trying to store
the userPassword attribute.
Fixes: https://fedorahosted.org/freeipa/ticket/1820
|
|
|
|
|
|
|
|
|
|
|
| |
Expiration time should be enforced as per policy only for users and only when a
password change occurs, ina ll other cases we should just let kadmin decide
whther it is going to set a password expiration time or just leave it empty.
In general service tickts have strong random passwords so they do not need a
password policy or expiration at all.
https://fedorahosted.org/freeipa/ticket/1839
|
|
|
|
|
|
|
| |
We do the policy check so we are the only one that can calculate the new
pwd espiration time.
Fixes: https://fedorahosted.org/freeipa/ticket/1793
|
|
|
|
|
|
|
| |
Although the proper values for booleans from LDAP should be only uppercase,
389ds does allow wrong cased values without complaining. And we still have some
places where the wrong case is used.
Avoid getting frustrating errors when reading these values out.
|
|
|
|
| |
Use default policy for new principals created by kadmin
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Initialize module also on ipadb_create invocation. This is what
kdb5_util expects.
|
|
|
|
| |
limit exported symbols only to the ones actually needed by krb5kdc
|
|
|