author: Alexander Bokovoy <abokovoy@redhat.com> 2014-02-20 12:18:16 +0200
committer: Martin Kosek <mkosek@redhat.com> 2014-04-04 08:45:43 +0200
commit: ad6480f845e91479647a2a6d509565e59c4aa480 (patch)
tree: ff1b87f35c5fd359266d0229fbc29ef095f1995a /install/share
parent: 480eba26a14cc616c4c336a6db69fb8ba66a0a60 (diff)
schema-compat: set precedence to 49 to allow OTP binds over compat tree

schema-compat plugin rewrites bind DN to point to the original entry on LDAP bind operation. To work with OTP tokens this requires that schema-compat's pre-bind callback is called before pre-bind callback of the ipa-pwd-extop plugin.

Therefore, schema-compat plugin should have a nsslapd-pluginprecedence value lower than (default) 50 which is used by the ipa-pwd-extop plugin.

Note that this will only work if ticket 47699 is fixed in 389-ds.

Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
Diffstat (limited to 'install/share')
-rw-r--r-- install/share/schema_compat.uldif | 4
1 files changed, 4 insertions, 0 deletions
diff --git a/install/share/schema_compat.uldif b/install/share/schema_compat.uldif
index 40b96116d..9a9607eeb 100644
--- a/install/share/schema_compat.uldif
+++ b/install/share/schema_compat.uldif
@@ -13,6 +13,10 @@ default:nsslapd-plugininitfunc: schema_compat_plugin_init
default:nsslapd-plugintype: object
default:nsslapd-pluginenabled: on
default:nsslapd-pluginid: schema-compat-plugin
+# We need to run schema-compat pre-bind callback before
+# other IPA pre-bind callbacks to make sure bind DN is
+# rewritten to the original entry if needed
+default:nsslapd-pluginprecedence: 49
default:nsslapd-pluginversion: 0.8
default:nsslapd-pluginbetxn: on
default:nsslapd-pluginvendor: redhat.com
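Review bot: The comment above `default:nsslapd-pluginprecedence: 49` does not say why the value is 49; the reason (it has to sort below the default precedence of 50 that ipa-pwd-extop runs with) appears only in the commit message, so a later edit to either plugin's precedence could silently break OTP binds over the compat tree. Consider naming ipa-pwd-extop and its default of 50 in the comment, and noting the dependency on 389-ds ticket 47699, since without that fix the setting has no effect. Also worth confirming that a `default:` line reaches entries that already exist on upgraded servers, as the other attributes in this hunk use the same directive and the plugin entry will already be present there.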