From a90a67fc7c4ef114e5f5336d868009fd0caa956b Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Thu, 15 Dec 2016 16:30:00 +0200 Subject: [PATCH] ipa-kdb: search for password policies globally With the CoS templates now used to create additional password policies per object type that are placed under the object subtrees, DAL driver needs to search for the policies in the whole tree. Individual policies referenced by the krbPwdPolicyReference attribute are always searched by their full DN and with the base scope. However, when KDC asks a DAL driver to return a password policy by name, we don't have any specific base to search. The original code did search by the realm subtree. Fixes https://fedorahosted.org/freeipa/ticket/6561 Reviewed-By: Martin Babinsky --- daemons/ipa-kdb/ipa_kdb_pwdpolicy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c index 076314a12840881a340763ab5693131aaccafec6..0c810af98f7a37b76afc4ca40b29441d9793f12f 100644 --- a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c +++ b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c @@ -163,7 +163,7 @@ krb5_error_code ipadb_get_pwd_policy(krb5_context kcontext, char *name, } kerr = ipadb_simple_search(ipactx, - ipactx->realm_base, LDAP_SCOPE_SUBTREE, + ipactx->base, LDAP_SCOPE_SUBTREE, src_filter, std_pwdpolicy_attrs, &res); if (kerr) { goto done; -- 2.10.2