caae578990
- Resolves: rhbz#2110014 ldap bind occurs when admin user changes password with gracelimit=0 - Resolves: rhbz#2112901 RFE: Allow grace login limit to be set in IPA WebUI - Resolves: rhbz#2115495 group password policy by default does not allow grace logins - Resolves: rhbz#2116966 ipa-replica-manage displays traceback: Unexpected error: 'bool' object has no attribute 'lower'
75 lines
3.0 KiB
Diff
75 lines
3.0 KiB
Diff
From 45e6d49b94da78cd82eb016b3266a17a1359a087 Mon Sep 17 00:00:00 2001
|
|
From: Rob Crittenden <rcritten@redhat.com>
|
|
Date: Thu, 4 Aug 2022 12:04:22 -0400
|
|
Subject: [PATCH] Set default gracelimit on group password policies to -1
|
|
|
|
This will retain previous behavior of unlimited LDAP BIND
|
|
post-expiration.
|
|
|
|
Fixes: https://pagure.io/freeipa/issue/9212
|
|
|
|
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
|
|
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
|
|
---
|
|
API.txt | 2 +-
|
|
ipaserver/plugins/pwpolicy.py | 2 ++
|
|
ipatests/test_xmlrpc/test_pwpolicy_plugin.py | 2 ++
|
|
3 files changed, 5 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/API.txt b/API.txt
|
|
index 66929b921b197e27ede847fb6b10bf1e44c3464a..210bfc4950e6a7346dbdd6e29d1096b2f8750b1e 100644
|
|
--- a/API.txt
|
|
+++ b/API.txt
|
|
@@ -4076,7 +4076,7 @@ option: Int('krbpwdlockoutduration?', cli_name='lockouttime')
|
|
option: Int('krbpwdmaxfailure?', cli_name='maxfail')
|
|
option: Int('krbpwdmindiffchars?', cli_name='minclasses')
|
|
option: Int('krbpwdminlength?', cli_name='minlength')
|
|
-option: Int('passwordgracelimit?', cli_name='gracelimit', default=-1)
|
|
+option: Int('passwordgracelimit?', autofill=True, cli_name='gracelimit', default=-1)
|
|
option: Flag('raw', autofill=True, cli_name='raw', default=False)
|
|
option: Str('setattr*', cli_name='setattr')
|
|
option: Str('version?')
|
|
diff --git a/ipaserver/plugins/pwpolicy.py b/ipaserver/plugins/pwpolicy.py
|
|
index 4428aede2dcc7a2a0b6128bf7f58eb47e4a8e07d..f4ebffd5c8f06a53b6c4d5e48ff6eeafa240e3a4 100644
|
|
--- a/ipaserver/plugins/pwpolicy.py
|
|
+++ b/ipaserver/plugins/pwpolicy.py
|
|
@@ -408,6 +408,7 @@ class pwpolicy(LDAPObject):
|
|
minvalue=-1,
|
|
maxvalue=Int.MAX_UINT32,
|
|
default=-1,
|
|
+ autofill=True,
|
|
),
|
|
)
|
|
|
|
@@ -539,6 +540,7 @@ class pwpolicy_add(LDAPCreate):
|
|
keys[-1], krbpwdpolicyreference=dn,
|
|
cospriority=options.get('cospriority')
|
|
)
|
|
+
|
|
return dn
|
|
|
|
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
|
|
diff --git a/ipatests/test_xmlrpc/test_pwpolicy_plugin.py b/ipatests/test_xmlrpc/test_pwpolicy_plugin.py
|
|
index 8eee69c185b15be72870050ed247f252c72d1c66..fc785223bfe56269ad8b211e8f1c3ac9f4064c3c 100644
|
|
--- a/ipatests/test_xmlrpc/test_pwpolicy_plugin.py
|
|
+++ b/ipatests/test_xmlrpc/test_pwpolicy_plugin.py
|
|
@@ -387,6 +387,7 @@ class test_pwpolicy_mod_cospriority(Declarative):
|
|
krbpwdhistorylength=[u'10'],
|
|
krbpwdmindiffchars=[u'3'],
|
|
krbpwdminlength=[u'8'],
|
|
+ passwordgracelimit=[u'-1'],
|
|
objectclass=objectclasses.pwpolicy,
|
|
),
|
|
summary=None,
|
|
@@ -417,6 +418,7 @@ class test_pwpolicy_mod_cospriority(Declarative):
|
|
krbpwdhistorylength=[u'10'],
|
|
krbpwdmindiffchars=[u'3'],
|
|
krbpwdminlength=[u'8'],
|
|
+ passwordgracelimit=[u'-1'],
|
|
),
|
|
summary=None,
|
|
value=u'ipausers',
|
|
--
|
|
2.37.2
|
|
|