From 46ad7d5e76929d5744355374c1e56c5004bf5281 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 16 Jan 2014 09:06:18 +0100 Subject: [PATCH 29/34] Stop adding a default password policy reference Both the password plugin and the kdb driver code automatically fall back to the default password policy. so stop adding an explicit reference to user objects and instead rely on the fallback. This way users created via the framework and users created via winsync plugin behave the same way wrt password policies and no surprises will happen. Also in case we need to change the default password policy DN this will allow just code changes instead of having to change each user entry created, and distinguish between the default policy and explicit admin changes. Related: https://fedorahosted.org/freeipa/ticket/4085 Patch backported/updated by Martin Kosek to accomodate different ipatests structure in ipa-3-3 branch. --- ipalib/plugins/user.py | 3 -- ipatests/test_xmlrpc/test_attr.py | 2 -- ipatests/test_xmlrpc/test_automember_plugin.py | 4 --- ipatests/test_xmlrpc/test_group_plugin.py | 4 --- ipatests/test_xmlrpc/test_krbtpolicy.py | 2 -- ipatests/test_xmlrpc/test_nesting.py | 8 ----- ipatests/test_xmlrpc/test_netgroup_plugin.py | 4 --- ipatests/test_xmlrpc/test_range_plugin.py | 2 -- ipatests/test_xmlrpc/test_replace.py | 2 -- ipatests/test_xmlrpc/test_selinuxusermap_plugin.py | 5 --- ipatests/test_xmlrpc/test_user_plugin.py | 40 ---------------------- 11 files changed, 76 deletions(-) diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index 471981f48204209753eda2fb994d4c653dca0fa2..9b212005ef522920a86deacc8f9b3e658a088ec1 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py 
@@ -498,9 +498,6 @@ def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): homes_root = config.get('ipahomesrootdir', ['/home'])[0] # build user's home directory based on his uid entry_attrs['homedirectory'] = posixpath.join(homes_root, keys[-1]) - entry_attrs.setdefault('krbpwdpolicyreference', - DN(('cn', 'global_policy'), ('cn', api.env.realm), ('cn', 'kerberos'), - api.env.basedn)) entry_attrs.setdefault('krbprincipalname', '%s@%s' % (entry_attrs['uid'], api.env.realm)) if entry_attrs.get('gidnumber') is None: diff --git a/ipatests/test_xmlrpc/test_attr.py b/ipatests/test_xmlrpc/test_attr.py index 118eabdeb5c8f6e86c0a9fc7dcdf9fc73a0a9ad2..a9e2956947109efcdcd132dff3807b7400d95a09 100644 --- a/ipatests/test_xmlrpc/test_attr.py +++ b/ipatests/test_xmlrpc/test_attr.py @@ -71,8 +71,6 @@ class test_attr(Declarative): cn=[u'Test User1'], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[DN(('cn',user1),('cn','groups'),('cn','accounts'), api.env.basedn)], memberof_group=[u'ipausers'], diff --git a/ipatests/test_xmlrpc/test_automember_plugin.py b/ipatests/test_xmlrpc/test_automember_plugin.py index 2c38b6463bfc684dbe23904f54b7107bb4ce3ff2..32fc59bac70d0f2e16d5d988835772f894bd78a9 100644 --- a/ipatests/test_xmlrpc/test_automember_plugin.py +++ b/ipatests/test_xmlrpc/test_automember_plugin.py @@ -812,8 +812,6 @@ class test_automember(Declarative): cn=[u'Michael Scott'], initials=[u'MS'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn', 'global_policy'), ('cn', api.env.realm), ('cn', 'kerberos'), - api.env.basedn)], mepmanagedentry=[DN(('cn', manager1), ('cn', 'groups'), ('cn', 'accounts'), api.env.basedn)], memberof_group=[u'defaultgroup1', u'ipausers'], 
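Review bot: With the `entry_attrs.setdefault('krbpwdpolicyreference', ...)` call removed from `pre_callback`, enforcement of the global password policy for new users rests entirely on the fallback in the password plugin and the kdb driver, and nothing in this patch tests that fallback. The test changes only delete the attribute from the expected output. A test that creates a user and checks the effective policy (for example `pwpolicy_show` with its `user` option returning `global_policy`) would pin the behaviour the commit relies on. Entries created before this change presumably still carry the explicit reference, so the default-versus-explicit distinction described in the commit message would hold only for new entries unless existing ones are cleaned up. A short comment at the removal site, such as `# krbpwdpolicyreference is intentionally not set; the password plugin and kdb driver fall back to the default policy`, would keep the attribute from being re-added later; `pre_callback` starts and ends outside the hunk.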
@@ -851,8 +849,6 @@ class test_automember(Declarative): cn=[u'Test User1'], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn', 'global_policy'), ('cn', api.env.realm), ('cn', 'kerberos'), - api.env.basedn)], mepmanagedentry=[DN(('cn', user1), ('cn', 'groups'), ('cn', 'accounts'), api.env.basedn)], memberof_group=[u'group1', u'ipausers'], diff --git a/ipatests/test_xmlrpc/test_group_plugin.py b/ipatests/test_xmlrpc/test_group_plugin.py index be31af453bbd28d420c5e9f301bef6eb56388f61..9cc337db2a5f80abc960f5bc8a226372bf16b980 100644 --- a/ipatests/test_xmlrpc/test_group_plugin.py +++ b/ipatests/test_xmlrpc/test_group_plugin.py @@ -812,8 +812,6 @@ class test_group(Declarative): cn=[u'Test User1'], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user1)], memberof_group=[u'ipausers'], dn=DN(('uid',user1),('cn','users'),('cn','accounts'), @@ -932,8 +930,6 @@ class test_group(Declarative): ipauniqueid=[fuzzy_uuid], dn=DN(('uid','tuser1'),('cn','users'),('cn','accounts'), api.env.basedn), - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], memberof_group=[u'ipausers'], has_keytab=False, has_password=False, diff --git a/ipatests/test_xmlrpc/test_krbtpolicy.py b/ipatests/test_xmlrpc/test_krbtpolicy.py index 2fac11f1854037aa197f2df42c72a9d7ae947ccd..fb66e8a6ca72bee7dcfc595f3b89badc2608ca09 100644 --- a/ipatests/test_xmlrpc/test_krbtpolicy.py +++ b/ipatests/test_xmlrpc/test_krbtpolicy.py @@ -110,8 +110,6 @@ class test_krbtpolicy(Declarative): cn=[u'Test User1'], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[DN(('cn',user1),('cn','groups'),('cn','accounts'), api.env.basedn)], memberof_group=[u'ipausers'], 
diff --git a/ipatests/test_xmlrpc/test_nesting.py b/ipatests/test_xmlrpc/test_nesting.py index 850010b8797734406aa81a911a64bb1d051b7196..5be05688973f9ee39425f1bfc9cdedaa1a193c25 100644 --- a/ipatests/test_xmlrpc/test_nesting.py +++ b/ipatests/test_xmlrpc/test_nesting.py @@ -176,8 +176,6 @@ class test_nesting(Declarative): cn=[u'Test User1'], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[DN(('cn',user1),('cn','groups'),('cn','accounts'), api.env.basedn)], memberof_group=[u'ipausers'], @@ -214,8 +212,6 @@ class test_nesting(Declarative): cn=[u'Test User2'], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[DN(('cn',user2),('cn','groups'),('cn','accounts'), api.env.basedn)], memberof_group=[u'ipausers'], @@ -252,8 +248,6 @@ class test_nesting(Declarative): cn=[u'Test User3'], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[DN(('cn',user3),('cn','groups'),('cn','accounts'), api.env.basedn)], memberof_group=[u'ipausers'], @@ -290,8 +284,6 @@ class test_nesting(Declarative): cn=[u'Test User4'], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[DN(('cn',user4),('cn','groups'),('cn','accounts'), api.env.basedn)], memberof_group=[u'ipausers'], diff --git a/ipatests/test_xmlrpc/test_netgroup_plugin.py b/ipatests/test_xmlrpc/test_netgroup_plugin.py index 09241a7d691aeb7d967e549d14ff5d87a80b6a9b..15453bd3cfd45dce9be43cc5003b67a87a7915ac 100644 --- a/ipatests/test_xmlrpc/test_netgroup_plugin.py +++ b/ipatests/test_xmlrpc/test_netgroup_plugin.py 
@@ -288,8 +288,6 @@ class test_netgroup(Declarative): cn=[u'Test User1'], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[DN(('cn',user1),('cn','groups'),('cn','accounts'), api.env.basedn)], memberof_group=[u'ipausers'], @@ -325,8 +323,6 @@ class test_netgroup(Declarative): cn=[u'Test User2'], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[DN(('cn',user2),('cn','groups'),('cn','accounts'), api.env.basedn)], memberof_group=[u'ipausers'], diff --git a/ipatests/test_xmlrpc/test_range_plugin.py b/ipatests/test_xmlrpc/test_range_plugin.py index df80e2fb72725c52d13be7a661364cbeafa3f84f..8c7b5f26e70283db62f18b152378d1b7d31bcc96 100644 --- a/ipatests/test_xmlrpc/test_range_plugin.py +++ b/ipatests/test_xmlrpc/test_range_plugin.py @@ -248,8 +248,6 @@ def tearDownClass(cls): initials=[u'TU'], mail=[u'%s@%s' % (user1, api.env.domain)], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[DN(('cn',user1),('cn','groups'),('cn','accounts'), api.env.basedn)], memberof_group=[u'ipausers'], diff --git a/ipatests/test_xmlrpc/test_replace.py b/ipatests/test_xmlrpc/test_replace.py index 1b946b76cb9ecccc3452b3714d1647b0a09ec831..691918f5857827365323ed1d20835a15dd899a4f 100644 --- a/ipatests/test_xmlrpc/test_replace.py +++ b/ipatests/test_xmlrpc/test_replace.py @@ -66,8 +66,6 @@ class test_replace(Declarative): initials=[u'TU'], mail=[u'test1@example.com', u'test2@example.com'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm),('cn','kerberos'), - api.env.basedn)], mepmanagedentry=[DN(('cn',user1),('cn','groups'),('cn','accounts'), api.env.basedn)], memberof_group=[u'ipausers'], 
diff --git a/ipatests/test_xmlrpc/test_selinuxusermap_plugin.py b/ipatests/test_xmlrpc/test_selinuxusermap_plugin.py index d1fedf1f0ff603a702089651db7f226ea58a98cd..9438bd01227c3ed0317976a38de8f67ec4ae425f 100644 --- a/ipatests/test_xmlrpc/test_selinuxusermap_plugin.py +++ b/ipatests/test_xmlrpc/test_selinuxusermap_plugin.py @@ -216,11 +216,6 @@ class test_selinuxusermap(Declarative): cn=[u'Test User1'], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn', 'global_policy'), - ('cn', api.env.realm), - ('cn', 'kerberos'), - api.env.basedn) - ], mepmanagedentry=[DN(('cn', user1), ('cn', 'groups'), ('cn', 'accounts'), api.env.basedn)], memberof_group=[u'ipausers'], diff --git a/ipatests/test_xmlrpc/test_user_plugin.py b/ipatests/test_xmlrpc/test_user_plugin.py index 98e1965a4fbd3c2e77363495d0391be580bd0805..6a5ba50034fd2c9b63db63eeaa0061657574342d 100644 --- a/ipatests/test_xmlrpc/test_user_plugin.py +++ b/ipatests/test_xmlrpc/test_user_plugin.py @@ -125,8 +125,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user1, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user1)], memberof_group=[u'ipausers'], has_keytab=False, @@ -199,8 +197,6 @@ class test_user(Declarative): 'gidnumber': [fuzzy_digits], 'ipauniqueid': [fuzzy_uuid], 'mepmanagedentry': [get_group_dn(user1)], - 'krbpwdpolicyreference': [DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], 'nsaccountlock': False, 'has_keytab': False, 'has_password': False, @@ -594,8 +590,6 @@ class test_user(Declarative): ipasshpubkey=[sshpubkey], sshpubkeyfp=[sshpubkeyfp], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user1)], memberof_group=[u'ipausers'], has_keytab=False, 
@@ -650,8 +644,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user1, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user1)], memberof_group=[u'ipausers'], has_keytab=False, @@ -687,8 +679,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user2, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user2)], memberof_group=[u'ipausers'], has_keytab=False, @@ -908,8 +898,6 @@ class test_user(Declarative): postalcode=[u'01234-5678'], telephonenumber=[u'410-555-1212'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user1)], memberof_group=[u'ipausers'], has_keytab=False, @@ -954,8 +942,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user1, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user1)], memberof_group=[u'ipausers'], has_keytab=True, @@ -1003,8 +989,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user2, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user2)], memberof_group=[u'ipausers'], has_keytab=False, 
@@ -1075,8 +1059,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user1, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user1)], memberof_group=[u'ipausers'], has_keytab=False, @@ -1148,8 +1130,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user1, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user1)], memberof_group=[u'ipausers'], has_keytab=False, @@ -1210,8 +1190,6 @@ class test_user(Declarative): initials=[u'TU'], mail=[u'%s@%s' % (user1, api.env.domain)], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user1)], memberof_group=[u'ipausers'], has_keytab=False, @@ -1273,8 +1251,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user2, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], memberof_group=[u'ipausers'], has_keytab=False, has_password=False, @@ -1327,8 +1303,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user1, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], memberof_group=[group1], has_keytab=False, has_password=False, @@ -1364,8 +1338,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user2, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], memberof_group=[group1], has_keytab=False, has_password=False, 
@@ -1446,8 +1418,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user2, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], memberof_group=[group1], nsaccountlock=False, has_keytab=False, @@ -1493,8 +1463,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user2, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], memberof_group=[group1], nsaccountlock=False, has_keytab=False, @@ -1553,8 +1521,6 @@ class test_user(Declarative): initials=[u'SA'], mail=[u'%s@%s' % (admin2, api.env.domain)], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(admin2)], memberof_group=[u'ipausers'], has_keytab=False, @@ -1744,8 +1710,6 @@ class test_user(Declarative): cn=[u'Test User2'], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn', 'global_policy'), ('cn', api.env.realm), ('cn', 'kerberos'), - api.env.basedn)], mepmanagedentry=[DN(('cn', user2), ('cn', 'groups'), ('cn', 'accounts'), api.env.basedn)], memberof_group=[u'ipausers'], @@ -1780,8 +1744,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user1, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user1)], memberof_group=[u'ipausers'], has_keytab=False, 
@@ -1828,8 +1790,6 @@ class test_user(Declarative): mail=[u'%s@%s' % (user1, api.env.domain)], initials=[u'TU'], ipauniqueid=[fuzzy_uuid], - krbpwdpolicyreference=[DN(('cn','global_policy'),('cn',api.env.realm), - ('cn','kerberos'),api.env.basedn)], mepmanagedentry=[get_group_dn(user1)], memberof_group=[u'ipausers'], has_keytab=False, -- 1.8.4.2