#7456 ipa otptoken-add should use LDAP Whoami call
Closed: fixed 6 years ago Opened 6 years ago by abbra.

With 389-ds-base 1.4.0.6-2.fc28 in Fedora 28 beta there is a bug in searches with scope 'one' that results in ipa user-find --whoami returning 0 results.

ipa user-find --whoami is used by ipa otptoken-add to populate the ipaTokenOwner and managedBy attributes. These attributes, in turn, are checked by the self-service ACI, which allows creating OTP tokens assigned to the creator.

Because ipa user-find --whoami does not work, a non-admin user cannot create a token. This is a regression that can be fixed by using the LDAP Whoami command.
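
A sketch of the approach the ticket proposes, added here as an illustration and not taken from the FreeIPA patch: the bound identity comes from the LDAP Whoami response (RFC 4532 authzId) instead of a search, and is copied into ipaTokenOwner and managedBy. The function names, the user-container check and the sample DNs are assumptions made for this example.

```python
# Added example, not FreeIPA code. The authzId string would come from the
# LDAP Whoami extended operation (for instance python-ldap's whoami_s());
# here it is passed in so the example runs without a directory server.

def parse_authzid(authzid):
    """Split an RFC 4532 Whoami response into (kind, value).

    The response is empty for an anonymous bind, "dn:<DN>" for a DN
    identity, or "u:<userid>" for a user-id identity.
    """
    if authzid == "":
        return ("anonymous", None)
    prefix, sep, value = authzid.partition(":")
    kind = prefix.lower()
    if not sep or kind not in ("dn", "u"):
        raise ValueError("unrecognised authzId: %r" % authzid)
    value = value.strip()  # assumption: tolerate whitespace after the prefix
    if kind == "dn" and not value:
        return ("anonymous", None)  # empty DN treated as anonymous
    return (kind, value)


def token_owner_attrs(authzid, user_container):
    """Build the owner attributes the self-service ACI checks.

    user_container is a hypothetical parameter: the subtree that holds
    user entries. The suffix test is a plain string comparison; real code
    should compare parsed DNs.
    """
    kind, value = parse_authzid(authzid)
    if kind != "dn":
        # No search fallback: without a bound DN there is no owner to set.
        raise PermissionError("no DN identity for this bind: %s" % kind)
    if not value.lower().endswith("," + user_container.lower()):
        raise PermissionError("bound DN is not a user entry: %s" % value)
    return {"ipaTokenOwner": value, "managedBy": value}


# Constructed sample values.
USERS = "cn=users,cn=accounts,dc=example,dc=test"
SAMPLE = "dn: uid=alice," + USERS

if __name__ == "__main__":
    print(token_owner_attrs(SAMPLE, USERS))
```

Because no search is issued, a server-side search defect like the one described above no longer affects which owner the token is created with.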


Metadata Update from @abbra:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/1714

6 years ago

master:

  • b47d6a3 use LDAP Whoami command when creating an OTP token

Metadata Update from @cheimes:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

6 years ago
