From 088fbad35323146429df4a79a976022753c3b28f Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Tue, 14 Jan 2014 10:18:43 -0500
Subject: Stop adding a default password policy reference

Both the password plugin and the kdb driver code automatically fall
back to the default password policy.
so stop adding an explicit reference to user objects and instead rely on the
fallback.
This way users created via the framework and users created via winsync plugin
behave the same way wrt password policies and no surprises will happen.

Also in case we need to change the default password policy DN this will allow
just code changes instead of having to change each user entry created, and
distinguish between the default policy and explicit admin changes.

Related: https://fedorahosted.org/freeipa/ticket/4085
---
 ipalib/plugins/user.py                   | 3 ---
 ipatests/test_xmlrpc/test_user_plugin.py | 4 ----
 2 files changed, 7 deletions(-)

diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 3c8353ffa..6cdaae334 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -529,9 +529,6 @@ class user_add(LDAPCreate):
             homes_root = config.get('ipahomesrootdir', ['/home'])[0]
             # build user's home directory based on his uid
             entry_attrs['homedirectory'] = posixpath.join(homes_root, keys[-1])
-        entry_attrs.setdefault('krbpwdpolicyreference',
-                               DN(('cn', 'global_policy'), ('cn', api.env.realm), ('cn', 'kerberos'),
-                                  api.env.basedn))
         entry_attrs.setdefault('krbprincipalname', '%s@%s' % (entry_attrs['uid'], api.env.realm))
 
         if entry_attrs.get('gidnumber') is None:
diff --git a/ipatests/test_xmlrpc/test_user_plugin.py b/ipatests/test_xmlrpc/test_user_plugin.py
index 14a4b501d..9b1777589 100644
--- a/ipatests/test_xmlrpc/test_user_plugin.py
+++ b/ipatests/test_xmlrpc/test_user_plugin.py
@@ -99,10 +99,6 @@ def get_user_result(uid, givenname, sn, operation='show', omit=[],
             mepmanagedentry=[get_group_dn(uid)],
             objectclass=add_oc(objectclasses.user, u'ipantuserattrs'),
             krbprincipalname=[u'%s@%s' % (uid, api.env.realm)],
-            krbpwdpolicyreference=[DN(('cn', 'global_policy'),
-                                      ('cn', api.env.realm),
-                                      ('cn', 'kerberos'),
-                                      api.env.basedn)],
         )
     if operation in ('show', 'show-all', 'find', 'mod'):
         result.update(
-- 
cgit