pgreco / rpms / ipa

Forked from forks/areguera/rpms/ipa 4 years ago
Clone

Blame SOURCES/0147-ipa-kdb-search-for-password-policies-globally.patch

53a374
From a90a67fc7c4ef114e5f5336d868009fd0caa956b Mon Sep 17 00:00:00 2001
53a374
From: Alexander Bokovoy <abokovoy@redhat.com>
53a374
Date: Thu, 15 Dec 2016 16:30:00 +0200
53a374
Subject: [PATCH] ipa-kdb: search for password policies globally
53a374
53a374
With the CoS templates now used to create additional password policies
53a374
per object type that are placed under the object subtrees, DAL driver
53a374
needs to search for the policies in the whole tree.
53a374
53a374
Individual policies referenced by the krbPwdPolicyReference attribute
53a374
are always searched by their full DN and with the base scope. However,
53a374
when KDC asks a DAL driver to return a password policy by name, we don't
53a374
have any specific base to search. The original code did search by the
53a374
realm subtree.
53a374
53a374
Fixes https://fedorahosted.org/freeipa/ticket/6561
53a374
53a374
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
53a374
---
53a374
 daemons/ipa-kdb/ipa_kdb_pwdpolicy.c | 2 +-
53a374
 1 file changed, 1 insertion(+), 1 deletion(-)
53a374
53a374
diff --git a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
53a374
index 076314a12840881a340763ab5693131aaccafec6..0c810af98f7a37b76afc4ca40b29441d9793f12f 100644
53a374
--- a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
53a374
+++ b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c
53a374
@@ -163,7 +163,7 @@ krb5_error_code ipadb_get_pwd_policy(krb5_context kcontext, char *name,
53a374
     }
53a374
 
53a374
     kerr = ipadb_simple_search(ipactx,
53a374
-                               ipactx->realm_base, LDAP_SCOPE_SUBTREE,
53a374
+                               ipactx->base, LDAP_SCOPE_SUBTREE,
53a374
                                src_filter, std_pwdpolicy_attrs, &res;;
53a374
     if (kerr) {
53a374
         goto done;
53a374
-- 
53a374
2.10.2
53a374