Enable SASL mapping fallback.

Assign a default priority of 10 to our SASL mappings. https://fedorahosted.org/freeipa/ticket/3330
author: Jan Cholasta <jcholast@redhat.com> 2013-03-22 11:15:51 +0100
committer: Martin Kosek <mkosek@redhat.com> 2013-06-27 17:06:51 +0200
commit: ea7db35b6224b8c67b789ac1eb35c9bc6c3eb6b5 (patch)
tree: 6bef91fb844bdbe262bcb5e0257fb731f359be04 /ipaserver/install
parent: f5bc155f56a3673a419f921db18e64f8647065ec (diff)
download: freeipa.git-ea7db35b6224b8c67b789ac1eb35c9bc6c3eb6b5.tar.gz
freeipa.git-ea7db35b6224b8c67b789ac1eb35c9bc6c3eb6b5.tar.xz
freeipa.git-ea7db35b6224b8c67b789ac1eb35c9bc6c3eb6b5.zip
2 files changed, 7 insertions, 2 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 01b082a7..e48ced4b 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -215,6 +215,7 @@ class DsInstance(service.Service):
         self.step("configure autobind for root", self.__root_autobind)
         self.step("configure new location for managed entries", self.__repoint_managed_entries)
         self.step("configure dirsrv ccache", self.configure_dirsrv_ccache)
+        self.step("enable SASL mapping fallback", self.__enable_sasl_mapping_fallback)
         self.step("restarting directory server", self.__restart_instance)
 
     def __common_post_setup(self):
@@ -657,6 +658,9 @@ class DsInstance(service.Service):
     def __enable_ldapi(self):
         self._ldap_mod("ldapi.ldif", self.sub_dict)
 
+    def __enable_sasl_mapping_fallback(self):
+        self._ldap_mod("sasl-mapping-fallback.ldif", self.sub_dict)
+
     def add_hbac(self):
         self._ldap_mod("default-hbac.ldif", self.sub_dict)
 
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 33cd3489..a16e4d5f 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -277,6 +277,7 @@ class KrbInstance(service.Service):
             nsSaslMapRegexString=['\(.*\)@\(.*\)'],
             nsSaslMapBaseDNTemplate=[self.suffix],
             nsSaslMapFilterTemplate=['(krbPrincipalName=\\1@\\2)'],
+            nsSaslMapPriority=['10'],
         )
         self.admin_conn.add_entry(entry)
 
@@ -288,8 +289,8 @@ class KrbInstance(service.Service):
             cn=["Name Only"],
             nsSaslMapRegexString=['^[^:@]+$'],
             nsSaslMapBaseDNTemplate=[self.suffix],
-            nsSaslMapFilterTemplate=[
-                '(krbPrincipalName=&@%s)' % self.realm],
+            nsSaslMapFilterTemplate=['(krbPrincipalName=&@%s)' % self.realm],
+            nsSaslMapPriority=['10'],
         )
         self.admin_conn.add_entry(entry)
author	Jan Cholasta <jcholast@redhat.com>	2013-03-22 11:15:51 +0100
committer	Martin Kosek <mkosek@redhat.com>	2013-06-27 17:06:51 +0200
commit	ea7db35b6224b8c67b789ac1eb35c9bc6c3eb6b5 (patch)
tree	6bef91fb844bdbe262bcb5e0257fb731f359be04 /ipaserver/install
parent	f5bc155f56a3673a419f921db18e64f8647065ec (diff)
download	freeipa.git-ea7db35b6224b8c67b789ac1eb35c9bc6c3eb6b5.tar.gz freeipa.git-ea7db35b6224b8c67b789ac1eb35c9bc6c3eb6b5.tar.xz freeipa.git-ea7db35b6224b8c67b789ac1eb35c9bc6c3eb6b5.zip