Stop adding a default password policy reference

Both the password plugin and the kdb driver code automatically fall back to the default password policy. so stop adding an explicit reference to user objects and instead rely on the fallback. This way users created via the framework and users created via winsync plugin behave the same way wrt password policies and no surprises will happen. Also in case we need to change the default password policy DN this will allow just code changes instead of having to change each user entry created, and distinguish between the default policy and explicit admin changes. Related: https://fedorahosted.org/freeipa/ticket/4085
2025-02-25 18:55:28 -06:00 · 2014-01-14 10:18:43 -05:00
parent d0ed25c8cb
commit 088fbad353
2 changed files with 0 additions and 7 deletions
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -529,9 +529,6 @@ class user_add(LDAPCreate):
            homes_root = config.get('ipahomesrootdir', ['/home'])[0]
            # build user's home directory based on his uid
            entry_attrs['homedirectory'] = posixpath.join(homes_root, keys[-1])
-        entry_attrs.setdefault('krbpwdpolicyreference',
-                               DN(('cn', 'global_policy'), ('cn', api.env.realm), ('cn', 'kerberos'),
-                                  api.env.basedn))
        entry_attrs.setdefault('krbprincipalname', '%s@%s' % (entry_attrs['uid'], api.env.realm))

        if entry_attrs.get('gidnumber') is None: