[Freeipa-devel] [PATCH] 0021 slapi-nis should allow password update on a virtual entry

Martin Basti mbasti at redhat.com
Wed Jun 15 15:26:32 UTC 2016 


On 15.06.2016 17:19, thierry bordaz wrote:
> Hello,
>
> This patch is for https://fedorahosted.org/freeipa/ticket/5955
Please put this link to commit message
>
> This is the last patch related "IdM user password change support for 
> legacy client compat tree"
>
>   * It requires DS > 1.3.5.5 (https://fedorahosted.org/389/ticket/48880)
>
Please bump version in freeipa.spec.in and put DS srpms to 
@freeipa/freeipa-master if new DS is not at least in updates testing


>  *
>
>
>
>   * PATCH 0020 https://fedorahosted.org/freeipa/ticket/5946 ipapwd
>     (review by Alexander)
>   * this PATCH 0021
>
> This patch is not the final one because I had to locally define 
> SLAPI_PLUGIN_PRE_EXTOP_FN in order to build on copr.
> The define SLAPI_PLUGIN_PRE_EXTOP_FN comes with DS > 1.3.5.5
>
> A test case is:
>
>     create a user 'tb1'
>
>     # step 1 verify that there is no passwd/krbkeys
>     ldapsearch -LLL -D "cn=directory manager" -w xxx -b
>     "uid=tb1,cn=users,cn=accounts,SUFFIX" userPassword krbPrincipalKey
>
>
>     # step 2 verify that tb1 has a password/krbkeys
>     ldappasswd -D "cn=directory manager" -w xxx
>     "uid=tb1,cn=users,cn=*accounts*,SUFFIX" -s yyy
>     ldapsearch -LLL -D "cn=directory manager" -w xxx -b
>     "uid=tb1,cn=users,cn=accounts,SUFFIX" userPassword krbPrincipalKey
>
>     # step 3 verify that tb1 has different passwd/krbkeys than in step 2
>     ldappasswd -D "cn=directory manager" -w xxx
>     "uid=tb1,cn=users,cn=*accounts*,SUFFIX" -s yyy
>     ldapsearch -LLL -D "cn=directory manager" -w xxx -b
>     "uid=tb1,cn=users,cn=accounts,SUFFIX" userPassword krbPrincipalKey
>
>
>     # step 4 verify that tb1 has different passwd/krbkeys than in step 3
>     ldappasswd -D "cn=directory manager" -w xxx
>     "uid=tb1,cn=users,cn=*compat*,SUFFIX" -s yyy
>     ldapsearch -LLL -D "cn=directory manager" -w xxx -b
>     "uid=tb1,cn=users,cn=accounts,SUFFIX" userPassword krbPrincipalKey
>
>     # step 5 verify that tb1 has different passwd/krbkeys than in step 4
>     ldappasswd -D "cn=directory manager" -w xxx
>     "uid=tb1,cn=users,cn=*compat*,SUFFIX" -s yyy
>     ldapsearch -LLL -D "cn=directory manager" -w xxx -b
>     "uid=tb1,cn=users,cn=accounts,SUFFIX" userPassword krbPrincipalKey
>
Please put these steps to reproduce into ticket, we will need this for QA.

> thanks
> thierry
>
>
>
Thank you,
Martin^2
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160615/ca36f8d7/attachment.htm>

More information about the Freeipa-devel mailing list