|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
firstyear commented 5 years ago | ||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
spichugi commented 5 years ago Let's name the test case with a human-readable name. And let's move it from dirsrvtests/tests/tickets/ticket50070_test.py | ||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
spichugi commented 5 years ago You can use M1.config.replace('nsslapd-unhashed-pw-switch', 'on') here. It is more human readable and it takes care about 'bytes' issue | ||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
spichugi commented 5 years ago Instead of the function you can add a generic test user. It will work okay for your test case because it has basically the same attributes and you don't need anything special here. users = UserAccounts(inst, DEFAULT_SUFFIX) | ||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
spichugi commented 5 years ago And this can be replaced with | ||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
spichugi commented 5 years ago It can be deleted after you've created your test case | ||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
firstyear commented 5 years ago You have nolog and on_only_repl, but two lines below, we log valid values and we don't list "on_only_repl". I also think that this name is really confusing, because I'm not sure what "nolog" does by looking it at. I think a clearer configuration name is required. | ||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
Bug Description:
The option 'nsslapd-unhashed-pw-switch: nolog' prevents to log
unhashed#user#password in the logs (replication changelog and retroCL).
It could be a security concern to, releasing unhashed password to a ldap
client. A new option is to prevent logging of unhashed password in the
retroCL.
Fix Description:
The fix is to not log in retroCL the unhashed password when the
nsslapd-unhashed-pw-switch is 'nolog' or 'on_only_repl'
https://pagure.io/389-ds-base/issue/50070
Reviewed by: ?
Platforms tested: F27
Flag Day: no
Doc impact: no
Don't use raw entry in tests, please use user type.