Re: [Freeipa-devel] [PATCH] 0021 slapi-nis should allow password update on a virtual entry

Wed, 15 Jun 2016 08:27:14 -0700 


On 15.06.2016 17:19, thierry bordaz wrote:

Hello,

This patch is for https://fedorahosted.org/freeipa/ticket/5955

Please put this link to commit message



This is the last patch related "IdM user password change support for 
legacy client compat tree"


  * It requires DS > 1.3.5.5 (https://fedorahosted.org/389/ticket/48880)


Please bump version in freeipa.spec.in and put DS srpms to 
@freeipa/freeipa-master if new DS is not at least in updates testing




 *



  * PATCH 0020 https://fedorahosted.org/freeipa/ticket/5946 ipapwd
    (review by Alexander)
  * this PATCH 0021


This patch is not the final one because I had to locally define 
SLAPI_PLUGIN_PRE_EXTOP_FN in order to build on copr.

The define SLAPI_PLUGIN_PRE_EXTOP_FN comes with DS > 1.3.5.5

A test case is:

    create a user 'tb1'

    # step 1 verify that there is no passwd/krbkeys
    ldapsearch -LLL -D "cn=directory manager" -w xxx -b
    "uid=tb1,cn=users,cn=accounts,SUFFIX" userPassword krbPrincipalKey


    # step 2 verify that tb1 has a password/krbkeys
    ldappasswd -D "cn=directory manager" -w xxx
    "uid=tb1,cn=users,cn=*accounts*,SUFFIX" -s yyy
    ldapsearch -LLL -D "cn=directory manager" -w xxx -b
    "uid=tb1,cn=users,cn=accounts,SUFFIX" userPassword krbPrincipalKey

    # step 3 verify that tb1 has different passwd/krbkeys than in step 2
    ldappasswd -D "cn=directory manager" -w xxx
    "uid=tb1,cn=users,cn=*accounts*,SUFFIX" -s yyy
    ldapsearch -LLL -D "cn=directory manager" -w xxx -b
    "uid=tb1,cn=users,cn=accounts,SUFFIX" userPassword krbPrincipalKey


    # step 4 verify that tb1 has different passwd/krbkeys than in step 3
    ldappasswd -D "cn=directory manager" -w xxx
    "uid=tb1,cn=users,cn=*compat*,SUFFIX" -s yyy
    ldapsearch -LLL -D "cn=directory manager" -w xxx -b
    "uid=tb1,cn=users,cn=accounts,SUFFIX" userPassword krbPrincipalKey

    # step 5 verify that tb1 has different passwd/krbkeys than in step 4
    ldappasswd -D "cn=directory manager" -w xxx
    "uid=tb1,cn=users,cn=*compat*,SUFFIX" -s yyy
    ldapsearch -LLL -D "cn=directory manager" -w xxx -b
    "uid=tb1,cn=users,cn=accounts,SUFFIX" userPassword krbPrincipalKey


Please put these steps to reproduce into ticket, we will need this for QA.


thanks
thierry




Thank you,
Martin^2

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code





















					Reply via email to