From ad6480f845e91479647a2a6d509565e59c4aa480 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Thu, 20 Feb 2014 12:18:16 +0200
Subject: schema-compat: set precedence to 49 to allow OTP binds over compat tree

schema-compat plugin rewrites bind DN to point to the original entry on LDAP bind operation. To work with OTP tokens this requires that schema-compat's pre-bind callback is called before pre-bind callback of the ipa-pwd-extop plugin. Therefore, schema-compat plugin should have a nsslapd-pluginprecedence value lower than (default) 50 which is used by the ipa-pwd-extop plugin. Note that this will only work if ticket 47699 is fixed in 389-ds.

Reviewed-By: Nathaniel McCallum
---
install/share/schema_compat.uldif | 4 ++++
1 file changed, 4 insertions(+) (limited to 'install/share')

diff --git a/install/share/schema_compat.uldif b/install/share/schema_compat.uldif
index 40b96116d..9a9607eeb 100644
--- a/install/share/schema_compat.uldif
+++ b/install/share/schema_compat.uldif
@@ -13,6 +13,10 @@ default:nsslapd-plugininitfunc: schema_compat_plugin_init
 default:nsslapd-plugintype: object
 default:nsslapd-pluginenabled: on
 default:nsslapd-pluginid: schema-compat-plugin
+# We need to run schema-compat pre-bind callback before
+# other IPA pre-bind callbacks to make sure bind DN is
+# rewritten to the original entry if needed
+default:nsslapd-pluginprecedence: 49
 default:nsslapd-pluginversion: 0.8
 default:nsslapd-pluginbetxn: on
 default:nsslapd-pluginvendor: redhat.com
-- cgit
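Review bot: The added `default:nsslapd-pluginprecedence: 49` line depends on ipa-pwd-extop keeping its implicit precedence of 50, but the comment above it names neither that plugin nor the 389-ds fix (ticket 47699) that the commit message says is required. I would extend the comment with something like `# Must stay below ipa-pwd-extop's precedence (default 50); requires 389-ds ticket 47699`, so a later change to either plugin's precedence does not silently reorder the pre-bind callbacks. The plugin entry starts and ends outside this hunk, and this is an install-time template: if `default:` values are applied only when the entry is first created (worth confirming), existing deployments would need a matching update entry that this patch does not show. It is also worth verifying that where the ordering is not honoured, a bind through the compat DN for an OTP-enabled user fails closed rather than being evaluated without the token check.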