diff options
| author | Thierry Bordaz <tbordaz@redhat.com> | 2016-06-16 16:28:03 +0200 |
|---|---|---|
| committer | Martin Basti <mbasti@redhat.com> | 2016-06-20 19:09:45 +0200 |
| commit | 8192e2f8c19acbc0c20903b54707cb42aec6e778 (patch) | |
| tree | f3811aa2e49fadf9c66aa778cdd7bf1d76e609ed /install | |
| parent | 91d6d87ca76e3aa27d5f87fd4f0b70f1d4fe4e72 (diff) | |
| download | freeipa-8192e2f8c19acbc0c20903b54707cb42aec6e778.tar.gz freeipa-8192e2f8c19acbc0c20903b54707cb42aec6e778.tar.xz freeipa-8192e2f8c19acbc0c20903b54707cb42aec6e778.zip | |
Make sure ipapwd_extop takes precedence over passwd_modify_extop
DS core server provides a default plugin (passwd_modify_extop) to handle
1.3.6.1.4.1.4203.1.11.1 extended op (https://www.ietf.org/rfc/rfc3062.txt)
IPA delivers ipa_pwd_extop plugin that should take precedence over
the default DS plugin (passwd_modify_extop)
In addition make sure that slapi-nis has a low precedence
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'install')
| -rw-r--r-- | install/share/schema_compat.uldif | 2 | ||||
| -rw-r--r-- | install/updates/10-ipapwd.update | 9 | ||||
| -rw-r--r-- | install/updates/10-schema_compat.update | 2 |
3 files changed, 11 insertions, 2 deletions
diff --git a/install/share/schema_compat.uldif b/install/share/schema_compat.uldif index a3d412f7a..66f8ea1c3 100644 --- a/install/share/schema_compat.uldif +++ b/install/share/schema_compat.uldif @@ -16,7 +16,7 @@ default:nsslapd-pluginid: schema-compat-plugin # We need to run schema-compat pre-bind callback before # other IPA pre-bind callbacks to make sure bind DN is # rewritten to the original entry if needed -default:nsslapd-pluginprecedence: 49 +default:nsslapd-pluginprecedence: 40 default:nsslapd-pluginversion: 0.8 default:nsslapd-pluginbetxn: on default:nsslapd-pluginvendor: redhat.com diff --git a/install/updates/10-ipapwd.update b/install/updates/10-ipapwd.update new file mode 100644 index 000000000..d9bffa279 --- /dev/null +++ b/install/updates/10-ipapwd.update @@ -0,0 +1,9 @@ +dn: cn=ipa_pwd_extop,cn=plugins,cn=config +# DS core server provides a default plugin (passwd_modify_extop) to handle +# 1.3.6.1.4.1.4203.1.11.1 extended op (https://www.ietf.org/rfc/rfc3062.txt) +# the pluginprecedence of the passwd_modify_extop is 50 (default value) +# +# IPA delivers ipa_pwd_extop plugin to handle that extended op +# we need to make sure ipa_pwd_extop is called and so to set a lower +# precedence value +add:nsslapd-pluginprecedence: 49 diff --git a/install/updates/10-schema_compat.update b/install/updates/10-schema_compat.update index 2d257a328..e4c257d32 100644 --- a/install/updates/10-schema_compat.update +++ b/install/updates/10-schema_compat.update @@ -74,7 +74,7 @@ dn: cn=Schema Compatibility,cn=plugins,cn=config # We need to run schema-compat pre-bind callback before # other IPA pre-bind callbacks to make sure bind DN is # rewritten to the original entry if needed -add:nsslapd-pluginprecedence: 49 +add:nsslapd-pluginprecedence: 40 dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") |