freeipa.git/daemons/ipa-slapi-plugins, branch ipa-2-2 FreeIPA patches Fix migration code password setting. 2012-05-17T15:18:12+00:00 Simo Sorce ssorce@redhat.com 2012-05-17T14:33:43+00:00 f883b2547d887eac7976d0372f5b25d48a1b3a4d When we set a password we also need to make sure krbExtraData is set. If not kadmin will later complain that the object is corrupted at password change time. Ticket: https://fedorahosted.org/freeipa/ticket/2764 
When we set a password we also need to make sure krbExtraData is set.
If not kadmin will later complain that the object is corrupted at password
change time.

Ticket: https://fedorahosted.org/freeipa/ticket/2764
Treat UPGs correctly in winsync replication 2012-03-15T08:57:47+00:00 Martin Kosek mkosek@redhat.com 2012-03-06T14:59:20+00:00 16918715dd4b964d5d861a3075b356918034e908 IPA winsync plugin failed to replicate users when default user group was non-posix even though User Private Groups (UPG) were enabled on the server. Both their uidNumber and gidNumber were empty and they missed essential object classes. When the default user group was made posix and UPG was disabled it did not set gidNumber to the default group gidNumber. This patch improves this behavior to set gidNumber correctly according to UPG configuration and the default group status (posix/non-posix). 4 situations can occur, the following list specifies what value is assigned to user gidNumber: 1) Default group posix, UPG enabled: gidNumber = UPG gidNumber 2) Default group posix, UPG disabled: gidNumber = default group gidNumber 3) Default group non-posix, UPG enabled: gidNumber = UPG gidNumber 4) Default group non-posix, UPG disabled: an error is printed to the dirsrv log as the gidNumber cannot be retrieved. User is replicated in the same way as before this patch, i.e. without essential object classes. https://fedorahosted.org/freeipa/ticket/2436 
IPA winsync plugin failed to replicate users when default user group
was non-posix even though User Private Groups (UPG) were enabled
on the server. Both their uidNumber and gidNumber were empty and
they missed essential object classes. When the default user group
was made posix and UPG was disabled it did not set gidNumber to
the default group gidNumber.

This patch improves this behavior to set gidNumber correctly
according to UPG configuration and the default group status
(posix/non-posix). 4 situations can occur, the following list
specifies what value is assigned to user gidNumber:
 1) Default group posix, UPG enabled: gidNumber = UPG gidNumber
 2) Default group posix, UPG disabled: gidNumber = default
    group gidNumber
 3) Default group non-posix, UPG enabled: gidNumber = UPG gidNumber
 4) Default group non-posix, UPG disabled: an error is printed to
    the dirsrv log as the gidNumber cannot be retrieved. User
    is replicated in the same way as before this patch, i.e.
    without essential object classes.

https://fedorahosted.org/freeipa/ticket/2436
Improve password change error message 2012-02-03T16:22:24+00:00 Martin Kosek mkosek@redhat.com 2012-02-02T10:55:14+00:00 55cd9e7dbec3d74c1856fc177bb3d64010761cc2 User always receives the same error message if he changes his password via "ipa passwd" command and the new password fails configured password policy. He then has to investigate on his own the actual reason why was the policy violated. This patch improves our SLAPI PWD plugins to provide a better error message explaining the violation reason. https://fedorahosted.org/freeipa/ticket/2067 
User always receives the same error message if he changes his password
via "ipa passwd" command and the new password fails configured
password policy. He then has to investigate on his own the actual
reason why was the policy violated. This patch improves our SLAPI PWD
plugins to provide a better error message explaining the violation
reason.

https://fedorahosted.org/freeipa/ticket/2067
Remove ipa_get_random_salt() from ipapwd_encoding.c 2012-01-11T17:04:23+00:00 Rob Crittenden rcritten@redhat.com 2012-01-10T22:40:55+00:00 1dadd06067acbf21ce1bd2ca73c082b21f907579 This appeared only in the 2.1 branch and is not needed 
This appeared only in the 2.1 branch and is not needed
Remove include for errno.h that was specific to 2.1 branch 2012-01-11T17:04:22+00:00 Rob Crittenden rcritten@redhat.com 2012-01-10T22:00:23+00:00 39d0488f1b0d025cc8c7de3229228cc6a6fac6eb https://fedorahosted.org/freeipa/ticket/2038 
https://fedorahosted.org/freeipa/ticket/2038
Fix CID 10745: Unchecked return value 2012-01-11T17:04:15+00:00 Simo Sorce ssorce@redhat.com 2011-11-03T13:57:41+00:00 24a9cb6fc9392c1249923a8e339194877cc30df6 https://fedorahosted.org/freeipa/ticket/2036 
https://fedorahosted.org/freeipa/ticket/2036
Fix CID 10743: Unchecked return value 2012-01-11T17:04:15+00:00 Simo Sorce ssorce@redhat.com 2011-11-03T14:05:21+00:00 0ef4ead356b0a0e8e28d438d836ae6ad853508e7 https://fedorahosted.org/freeipa/ticket/2036 
https://fedorahosted.org/freeipa/ticket/2036
Fix CID 10742: Unchecked return value 2012-01-11T17:04:15+00:00 Simo Sorce ssorce@redhat.com 2011-11-03T14:06:48+00:00 0a1da0d7b2876508e8ae19b70df250131f6ee6ce https://fedorahosted.org/freeipa/ticket/2036 
https://fedorahosted.org/freeipa/ticket/2036
include <stdint.h> for uintptr_t 2012-01-11T17:04:13+00:00 Marko Myllynen myllynen@redhat.com 2011-09-21T12:03:55+00:00 d49a6c809542e276ff5f2046d8791dda90634cb7 






ipa-pwd-extop: Allow kadmin to set krb keys
2012-01-11T17:04:13+00:00

Simo Sorce
ssorce@redhat.com

2011-07-07T17:30:15+00:00

7bd3a49864f5014f524f7b52bffe5da6afbf7e4f

Prevent the ipa-pwd-extop plugin from re-generating keys when kadimn is storing
a new set of keys. Only generate the userPassword and sambaXXPassword hashes.
Also avoid checking policies in this case and if history is provided avoid
regenerating the passwordHistory too.





Prevent the ipa-pwd-extop plugin from re-generating keys when kadimn is storing
a new set of keys. Only generate the userPassword and sambaXXPassword hashes.
Also avoid checking policies in this case and if history is provided avoid
regenerating the passwordHistory too.