diff options
| author | Alexander Bokovoy <abokovoy@redhat.com> | 2016-12-15 16:30:00 +0200 |
|---|---|---|
| committer | Martin Babinsky <mbabinsk@redhat.com> | 2016-12-15 17:32:33 +0100 |
| commit | 73f33569c8893610e246b2f44a7aeaec872b37e6 (patch) | |
| tree | 93d3a09a6593660f6769ef8ad964898f0c6e67e3 | |
| parent | fec4c32ff15a96736740cf7d2f713a21af0b227e (diff) | |
| download | freeipa-73f33569c8893610e246b2f44a7aeaec872b37e6.tar.gz freeipa-73f33569c8893610e246b2f44a7aeaec872b37e6.tar.xz freeipa-73f33569c8893610e246b2f44a7aeaec872b37e6.zip | |
ipa-kdb: search for password policies globally
With the CoS templates now used to create additional password policies
per object type that are placed under the object subtrees, DAL driver
needs to search for the policies in the whole tree.
Individual policies referenced by the krbPwdPolicyReference attribute
are always searched by their full DN and with the base scope. However,
when KDC asks a DAL driver to return a password policy by name, we don't
have any specific base to search. The original code did search by the
realm subtree.
Fixes https://fedorahosted.org/freeipa/ticket/6561
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
| -rw-r--r-- | daemons/ipa-kdb/ipa_kdb_pwdpolicy.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c index 076314a12..0c810af98 100644 --- a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c +++ b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c @@ -163,7 +163,7 @@ krb5_error_code ipadb_get_pwd_policy(krb5_context kcontext, char *name, } kerr = ipadb_simple_search(ipactx, - ipactx->realm_base, LDAP_SCOPE_SUBTREE, + ipactx->base, LDAP_SCOPE_SUBTREE, src_filter, std_pwdpolicy_attrs, &res); if (kerr) { goto done; |