diff options
author | Simo Sorce <simo@redhat.com> | 2014-01-16 09:06:18 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-01-16 09:10:16 +0100 |
commit | 50a6430dbd529715bd8b8c07b4397156debb612c (patch) | |
tree | 61014abfd1989bd47ef8f05ffb31f04e5b2dd68d | |
parent | cd3715a01394e77c65643979fb2e9eca465f6ef5 (diff) | |
download | freeipa.git-50a6430dbd529715bd8b8c07b4397156debb612c.tar.gz freeipa.git-50a6430dbd529715bd8b8c07b4397156debb612c.tar.xz freeipa.git-50a6430dbd529715bd8b8c07b4397156debb612c.zip |
Stop adding a default password policy reference
Both the password plugin and the kdb driver code automatically fall
back to the default password policy.
so stop adding an explicit reference to user objects and instead rely on the
fallback.
This way users created via the framework and users created via winsync plugin
behave the same way wrt password policies and no surprises will happen.
Also in case we need to change the default password policy DN this will allow
just code changes instead of having to change each user entry created, and
distinguish between the default policy and explicit admin changes.
Related: https://fedorahosted.org/freeipa/ticket/4085
Patch backported/updated by Martin Kosek to accomodate different ipatests
structure in ipa-3-3 branch.
-rw-r--r-- | ipalib/plugins/user.py | 3 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_attr.py | 2 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_automember_plugin.py | 4 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_group_plugin.py | 4 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_krbtpolicy.py | 2 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_nesting.py | 8 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_netgroup_plugin.py | 4 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_range_plugin.py | 2 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_replace.py | 2 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_selinuxusermap_plugin.py | 5 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_user_plugin.py | 40 |
11 files changed, 0 insertions, 76 deletions
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index 471981f4..9b212005 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -498,9 +498,6 @@ class user_add(LDAPCreate): homes_root = config.get('ipahomesrootdir', ['/home'])[0] # build user's home directory based on his uid entry_attrs['homedirectory'] = posixpath.join(homes_root, keys[-1]) - entry_attrs.setdefault('krbpwdpolicyreference', - DN(('cn', 'global_policy'), ('cn', api.env.realm), ('cn', 'kerberos'), - api.env.basedn)) entry_attrs.setdefault('krbprincipalname', '%s@%s' % (entry_attrs['uid'], api.env.realm)) if entry_attrs.get('gidnumber') is None: diff --git a/ipatests/test_xmlrpc/test_attr.py b/ipatests/test_xmlrpc/test_attr.py index 118eabde..a9e29569 100644 --- a/ipatests/test_xmlrpc/test_attr.py +++ b/ipatests/test_xmlrpc/test_attr.py @@ -71,8 +71,6 @@ class test_attr(Declarative): cn=[u'Test User1'], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[DN(('cn',user1),('cn','groups'),('cn','accounts'), api.env.basedn)], memberof_group=[u'ipausers'], diff --git a/ipatests/test_xmlrpc/test_automember_plugin.py b/ipatests/test_xmlrpc/test_automember_plugin.py index 2c38b646..32fc59ba 100644 --- a/ipatests/test_xmlrpc/test_automember_plugin.py +++ b/ipatests/test_xmlrpc/test_automember_plugin.py @@ -812,8 +812,6 @@ class test_automember(Declarative): cn=[u'Michael Scott'], initials=[u'MS'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn', 'global_policy'), ('cn', api.env.realm), ('cn', 'kerberos'), - api.env.basedn)], mepmanagedentry=[DN(('cn', manager1), ('cn', 'groups'), ('cn', 'accounts'), api.env.basedn)], memberof_group=[u'defaultgroup1', u'ipausers'], @@ -851,8 +849,6 @@ class test_automember(Declarative): cn=[u'Test User1'], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn', 'global_policy'), ('cn', api.env.realm), ('cn', 'kerberos'), - api.env.basedn)], mepmanagedentry=[DN(('cn', user1), ('cn', 'groups'), ('cn', 'accounts'), api.env.basedn)], memberof_group=[u'group1', u'ipausers'], diff --git a/ipatests/test_xmlrpc/test_group_plugin.py b/ipatests/test_xmlrpc/test_group_plugin.py index be31af45..9cc337db 100644 --- a/ipatests/test_xmlrpc/test_group_plugin.py +++ b/ipatests/test_xmlrpc/test_group_plugin.py @@ -812,8 +812,6 @@ class test_group(Declarative): cn=[u'Test User1'], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user1)], memberof_group=[u'ipausers'], dn=DN(('uid',user1),('cn','users'),('cn','accounts'), @@ -932,8 +930,6 @@ class test_group(Declarative): ipauniqueid=[fuzzy_uuid], dn=DN(('uid','tuser1'),('cn','users'),('cn','accounts'), api.env.basedn), - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], memberof_group=[u'ipausers'], has_keytab=False, has_password=False, diff --git a/ipatests/test_xmlrpc/test_krbtpolicy.py b/ipatests/test_xmlrpc/test_krbtpolicy.py index 2fac11f1..fb66e8a6 100644 --- a/ipatests/test_xmlrpc/test_krbtpolicy.py +++ b/ipatests/test_xmlrpc/test_krbtpolicy.py @@ -110,8 +110,6 @@ class test_krbtpolicy(Declarative): cn=[u'Test User1'], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[DN(('cn',user1),('cn','groups'),('cn','accounts'), api.env.basedn)], memberof_group=[u'ipausers'], diff --git a/ipatests/test_xmlrpc/test_nesting.py b/ipatests/test_xmlrpc/test_nesting.py index 850010b8..5be05688 100644 --- a/ipatests/test_xmlrpc/test_nesting.py +++ b/ipatests/test_xmlrpc/test_nesting.py @@ -176,8 +176,6 @@ class test_nesting(Declarative): cn=[u'Test User1'], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[DN(('cn',user1),('cn','groups'),('cn','accounts'), api.env.basedn)], memberof_group=[u'ipausers'], @@ -214,8 +212,6 @@ class test_nesting(Declarative): cn=[u'Test User2'], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[DN(('cn',user2),('cn','groups'),('cn','accounts'), api.env.basedn)], memberof_group=[u'ipausers'], @@ -252,8 +248,6 @@ class test_nesting(Declarative): cn=[u'Test User3'], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[DN(('cn',user3),('cn','groups'),('cn','accounts'), api.env.basedn)], memberof_group=[u'ipausers'], @@ -290,8 +284,6 @@ class test_nesting(Declarative): cn=[u'Test User4'], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[DN(('cn',user4),('cn','groups'),('cn','accounts'), api.env.basedn)], memberof_group=[u'ipausers'], diff --git a/ipatests/test_xmlrpc/test_netgroup_plugin.py b/ipatests/test_xmlrpc/test_netgroup_plugin.py index 09241a7d..15453bd3 100644 --- a/ipatests/test_xmlrpc/test_netgroup_plugin.py +++ b/ipatests/test_xmlrpc/test_netgroup_plugin.py @@ -288,8 +288,6 @@ class test_netgroup(Declarative): cn=[u'Test User1'], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[DN(('cn',user1),('cn','groups'),('cn','accounts'), api.env.basedn)], memberof_group=[u'ipausers'], @@ -325,8 +323,6 @@ class test_netgroup(Declarative): cn=[u'Test User2'], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[DN(('cn',user2),('cn','groups'),('cn','accounts'), api.env.basedn)], memberof_group=[u'ipausers'], diff --git a/ipatests/test_xmlrpc/test_range_plugin.py b/ipatests/test_xmlrpc/test_range_plugin.py index df80e2fb..8c7b5f26 100644 --- a/ipatests/test_xmlrpc/test_range_plugin.py +++ b/ipatests/test_xmlrpc/test_range_plugin.py @@ -248,8 +248,6 @@ class test_range(Declarative): initials=[u'TU'], mail=[u'%s@%s' % (user1, api.env.domain)], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[DN(('cn',user1),('cn','groups'),('cn','accounts'), api.env.basedn)], memberof_group=[u'ipausers'], diff --git a/ipatests/test_xmlrpc/test_replace.py b/ipatests/test_xmlrpc/test_replace.py index 1b946b76..691918f5 100644 --- a/ipatests/test_xmlrpc/test_replace.py +++ b/ipatests/test_xmlrpc/test_replace.py @@ -66,8 +66,6 @@ class test_replace(Declarative): initials=[u'TU'], mail=[u'test1@example.com', u'test2@example.com'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm),('cn','kerberos'), - api.env.basedn)], mepmanagedentry=[DN(('cn',user1),('cn','groups'),('cn','accounts'), api.env.basedn)], memberof_group=[u'ipausers'], diff --git a/ipatests/test_xmlrpc/test_selinuxusermap_plugin.py b/ipatests/test_xmlrpc/test_selinuxusermap_plugin.py index d1fedf1f..9438bd01 100644 --- a/ipatests/test_xmlrpc/test_selinuxusermap_plugin.py +++ b/ipatests/test_xmlrpc/test_selinuxusermap_plugin.py @@ -216,11 +216,6 @@ class test_selinuxusermap(Declarative): cn=[u'Test User1'], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn', 'global_policy'), - ('cn', api.env.realm), - ('cn', 'kerberos'), - api.env.basedn) - ], mepmanagedentry=[DN(('cn', user1), ('cn', 'groups'), ('cn', 'accounts'), api.env.basedn)], memberof_group=[u'ipausers'], diff --git a/ipatests/test_xmlrpc/test_user_plugin.py b/ipatests/test_xmlrpc/test_user_plugin.py index 98e1965a..6a5ba500 100644 --- a/ipatests/test_xmlrpc/test_user_plugin.py +++ b/ipatests/test_xmlrpc/test_user_plugin.py @@ -125,8 +125,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user1, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user1)], memberof_group=[u'ipausers'], has_keytab=False, @@ -199,8 +197,6 @@ class test_user(Declarative): 'gidnumber': [fuzzy_digits], 'ipauniqueid': [fuzzy_uuid], 'mepmanagedentry': [get_group_dn(user1)], - 'krbpwdpolicyreference': [DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], 'nsaccountlock': False, 'has_keytab': False, 'has_password': False, @@ -594,8 +590,6 @@ class test_user(Declarative): ipasshpubkey=[sshpubkey], sshpubkeyfp=[sshpubkeyfp], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user1)], memberof_group=[u'ipausers'], has_keytab=False, @@ -650,8 +644,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user1, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user1)], memberof_group=[u'ipausers'], has_keytab=False, @@ -687,8 +679,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user2, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user2)], memberof_group=[u'ipausers'], has_keytab=False, @@ -908,8 +898,6 @@ class test_user(Declarative): postalcode=[u'01234-5678'], telephonenumber=[u'410-555-1212'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user1)], memberof_group=[u'ipausers'], has_keytab=False, @@ -954,8 +942,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user1, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user1)], memberof_group=[u'ipausers'], has_keytab=True, @@ -1003,8 +989,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user2, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user2)], memberof_group=[u'ipausers'], has_keytab=False, @@ -1075,8 +1059,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user1, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user1)], memberof_group=[u'ipausers'], has_keytab=False, @@ -1148,8 +1130,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user1, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user1)], memberof_group=[u'ipausers'], has_keytab=False, @@ -1210,8 +1190,6 @@ class test_user(Declarative): initials=[u'TU'], mail=[u'%s@%s' % (user1, api.env.domain)], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user1)], memberof_group=[u'ipausers'], has_keytab=False, @@ -1273,8 +1251,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user2, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], memberof_group=[u'ipausers'], has_keytab=False, has_password=False, @@ -1327,8 +1303,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user1, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], memberof_group=[group1], has_keytab=False, has_password=False, @@ -1364,8 +1338,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user2, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], memberof_group=[group1], has_keytab=False, has_password=False, @@ -1446,8 +1418,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user2, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], memberof_group=[group1], nsaccountlock=False, has_keytab=False, @@ -1493,8 +1463,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user2, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], memberof_group=[group1], nsaccountlock=False, has_keytab=False, @@ -1553,8 +1521,6 @@ class test_user(Declarative): initials=[u'SA'], mail=[u'%s@%s' % (admin2, api.env.domain)], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(admin2)], memberof_group=[u'ipausers'], has_keytab=False, @@ -1744,8 +1710,6 @@ class test_user(Declarative): cn=[u'Test User2'], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn', 'global_policy'), ('cn', api.env.realm), ('cn', 'kerberos'), - api.env.basedn)], mepmanagedentry=[DN(('cn', user2), ('cn', 'groups'), ('cn', 'accounts'), api.env.basedn)], memberof_group=[u'ipausers'], @@ -1780,8 +1744,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user1, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user1)], memberof_group=[u'ipausers'], has_keytab=False, @@ -1828,8 +1790,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user1, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user1)], memberof_group=[u'ipausers'], has_keytab=False, |