#7932 FreeIPA queries rely on missing attribute altsecurityidentities
Closed: fixed 2 months ago by abbra. Opened 4 months ago by firstyear.

Issue

During analysis of a 389ds issue, it was discovered that altsecurityidentities as an attribute is not present in the FreeIPA schema. This means the attribute can never match in a query, and is not possible to index.

The attribute should be removed from all queries related, or should be added to the schema and indexed.

References:

https://pagure.io/389-ds-base/pull-request/50252#comment-85208


Metadata Update from @pcech:
- Issue tagged with: Raven

4 months ago

Metadata Update from @pcech:
- Issue untagged with: Raven
- Issue tagged with: Falcon

4 months ago

Metadata Update from @frenaud:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/3110

3 months ago

master:

  • 5a83eea Add altSecurityIdentities attribute from MS-WSPP schema definition
  • 7258995 Create indexes for altSecurityIdentities and ipaCertmapData attributes
  • 41ca4d4 certmap rules: altSecurityIdentities should only be used for trusted domains
  • 95c2b34 certmaprule: add negative test for altSecurityIdentities

ipa-4-8:

  • f955145 Add altSecurityIdentities attribute from MS-WSPP schema definition
  • 0841d8b Create indexes for altSecurityIdentities and ipaCertmapData attributes
  • 14ddf7b certmap rules: altSecurityIdentities should only be used for trusted domains
  • 2e37205 certmaprule: add negative test for altSecurityIdentities

ipa-4-7:

  • 9de1287 Add altSecurityIdentities attribute from MS-WSPP schema definition
  • 0c57ce7 Create indexes for altSecurityIdentities and ipaCertmapData attributes
  • bbed1ad certmap rules: altSecurityIdentities should only be used for trusted domains
  • 9f59b3c certmaprule: add negative test for altSecurityIdentities

ipa-4-6:

  • f8fccd5 Add altSecurityIdentities attribute from MS-WSPP schema definition
  • dc81689 Create indexes for altSecurityIdentities and ipaCertmapData attributes
  • 219fb1f certmap rules: altSecurityIdentities should only be used for trusted domains
  • 0cc8ce2 certmaprule: add negative test for altSecurityIdentities

Metadata Update from @abbra:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

2 months ago

Login to comment on this ticket.

Metadata