freeipa.git - FreeIPA patches

diff options

author	Tomas Babej <tbabej@redhat.com>	2014-04-01 12:41:16 +0200
committer	Alexander Bokovoy <abokovoy@redhat.com>	2014-05-05 18:50:01 +0300
commit	5d78cdf80951748f5f954a69c41a2a2cb1b84812 (patch)
tree	7e73d71c74c082e50f863d1c50248d8ccb50d6f0 /ipatests/test_webui/task_range.py
parent	c3d7e66291987149b3b9a019945179c54debfbf1 (diff)
download	freeipa-5d78cdf80951748f5f954a69c41a2a2cb1b84812.tar.gz freeipa-5d78cdf80951748f5f954a69c41a2a2cb1b84812.tar.xz freeipa-5d78cdf80951748f5f954a69c41a2a2cb1b84812.zip

ipa-pwd-extop: Deny LDAP binds for accounts with expired principals

Adds a check for krbprincipalexpiration attribute to pre_bind operation in ipa-pwd-extop dirsrv plugin. If the principal is expired, auth is denied and LDAP_UNWILLING_TO_PERFORM along with the error message is sent back to the client. Since krbprincipalexpiration attribute is not mandatory, if there is no value set, the check is passed. https://fedorahosted.org/freeipa/ticket/3305 Reviewed-By: Simo Sorce <simo@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

Diffstat (limited to 'ipatests/test_webui/task_range.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: