freeipa

Clone
Source Code
GIT

ffc2edf baseldap: when adding external objects, differentiate between them and failures

1 file Authored by abbra 3 years ago, Committed by rcritten 3 years ago,
raw patch tree parent
1 file changed. 61 lines added. 1 lines removed.
ipaserver/plugins/baseldap.py
file modified
+61 -1 
    baseldap: when adding external objects, differentiate between them and failures
    
    It was possible to add external members without any validation. Any
    object that was not found in IPA LDAP was considered an external object
    and a command such as sudorule could have added it to the list of values
    for externalUser attribute.
    
    With member validator support, real external members from trusted
    domains can be differentiated from the objects that were not found in
    IPA and in trusted domains.
    
    Use information from the ID Views plugin to treat external objects
    accordingly. Not found objects will be part of the error messaging
    instead.
    
    Fixes: https://pagure.io/freeipa/issue/3226
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
file modified
+61 -1
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.