[Freeipa-devel] [PATCH] 0019 ipapwd_extop should take precedence over default DS plugin
Alexander Bokovoy
abokovoy at redhat.com
Mon Jun 13 14:57:21 UTC 2016
On Mon, 13 Jun 2016, thierry bordaz wrote:
>This is the fix for https://fedorahosted.org/freeipa/ticket/5944
>>From 2838fbfc7a22b9bc0c1c4dfaf3660d1ac7099461 Mon Sep 17 00:00:00 2001
>From: Thierry Bordaz <tbordaz at redhat.com>
>Date: Wed, 8 Jun 2016 14:03:42 +0200
>Subject: [PATCH] Make sure ipapwd_extop takes precedence over
> passwd_modify_extop
>
>DS core server provides a default plugin (passwd_modify_extop) to handle
>1.3.6.1.4.1.4203.1.11.1 extended op (https://www.ietf.org/rfc/rfc3062.txt)
>
>IPA delivers ipa_pwd_extop plugin that should take precedence over
>the default DS plugin (passwd_modify_extop)
>---
> install/updates/10-ipapwd.update | 9 +++++++++
> 1 file changed, 9 insertions(+)
> create mode 100644 install/updates/10-ipapwd.update
>
>diff --git a/install/updates/10-ipapwd.update b/install/updates/10-ipapwd.update
>new file mode 100644
>index 0000000..d9bffa2
>--- /dev/null
>+++ b/install/updates/10-ipapwd.update
>@@ -0,0 +1,9 @@
>+dn: cn=ipa_pwd_extop,cn=plugins,cn=config
>+# DS core server provides a default plugin (passwd_modify_extop) to handle
>+# 1.3.6.1.4.1.4203.1.11.1 extended op (https://www.ietf.org/rfc/rfc3062.txt)
>+# the pluginprecedence of the passwd_modify_extop is 50 (default value)
>+#
>+# IPA delivers ipa_pwd_extop plugin to handle that extended op
>+# we need to make sure ipa_pwd_extop is called and so to set a lower
>+# precedence value
>+add:nsslapd-pluginprecedence: 49
Here is the problem: slapi-nis is 49 as well and it should be before
ipa_pwd_extop.
You need to update install/share/schema_compat.uldif and
install/updates/10-schema_compat.update to get slapi-nis before
ipa_pwd_extop.
You also need to make sure we depend on the updated 389-ds-base package
version.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list