rpms/ipa
5
0
Fork 0
Code Issues Pull Requests Releases Activity
00f4635acb
ipa/0004-use-LDAP-Whoami-command-when-creating-an-OTP-token.patch
Alexander Bokovoy 4bae5f4bc8 More fixes to Fedora 28 beta
2018-03-21 10:45:19 +02:00

50 lines
2.1 KiB
Diff
Raw Blame History

From 585250368a8841e69176006acb6876abc54843cb Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Tue, 20 Mar 2018 16:40:24 +0200
Subject: [PATCH] use LDAP Whoami command when creating an OTP token
ipa user-find --whoami is used by ipa otptoken-add to populate
ipaTokenOwner and managedBy attributes. These attributes, in turn are
checked by the self-service ACI which allows to create OTP tokens
assigned to the creator.
With 389-ds-base 1.4.0.6-2.fc28 in Fedora 28 beta there is a bug in
searches with scope 'one' that result in ipa user-find --whoami
returning 0 results.
Because ipa user-find --whoami does not work, non-admin user cannot
create a token. This is a regression that can be fixed by using LDAP
Whoami command.
Fixes: https://pagure.io/freeipa/issue/7456
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
ipaserver/plugins/otptoken.py | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/ipaserver/plugins/otptoken.py b/ipaserver/plugins/otptoken.py
index d94ae49ff..17b32094d 100644
--- a/ipaserver/plugins/otptoken.py
+++ b/ipaserver/plugins/otptoken.py
@@ -311,13 +311,12 @@ class otptoken_add(LDAPCreate):
# If owner was not specified, default to the person adding this token.
# If managedby was not specified, attempt a sensible default.
if 'ipatokenowner' not in entry_attrs or 'managedby' not in entry_attrs:
- result = self.api.Command.user_find(
- whoami=True, no_members=False)['result']
- if result:
- cur_uid = result[0]['uid'][0]
+ cur_dn = DN(self.api.Backend.ldap2.conn.whoami_s()[4:])
+ if cur_dn:
+ cur_uid = cur_dn[0].value
prev_uid = entry_attrs.setdefault('ipatokenowner', cur_uid)
if cur_uid == prev_uid:
- entry_attrs.setdefault('managedby', result[0]['dn'])
+ entry_attrs.setdefault('managedby', cur_dn.ldap_text())
# Resolve the owner's dn
_normalize_owner(self.api.Object.user, entry_attrs)
--
2.14.3
Reference in New Issue View Git Blame Copy Permalink