Set default gracelimit on group password policies to -1

This will retain previous behavior of unlimited LDAP BIND post-expiration. Fixes: https://pagure.io/freeipa/issue/9212 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2025-02-25 18:55:28 -06:00 · 2022-08-04 12:04:22 -04:00 · 2022-08-04 12:04:22 -04:00 · 45e6d49b94
commit 45e6d49b94
parent 1aa39529cd
3 changed files with 5 additions and 1 deletions
--- a/API.txt
+++ b/API.txt
@ -4076,7 +4076,7 @@ option: Int('krbpwdlockoutduration?', cli_name='lockouttime')
 option: Int('krbpwdmaxfailure?', cli_name='maxfail')
 option: Int('krbpwdmindiffchars?', cli_name='minclasses')
 option: Int('krbpwdminlength?', cli_name='minlength')
-option: Int('passwordgracelimit?', cli_name='gracelimit', default=-1)
+option: Int('passwordgracelimit?', autofill=True, cli_name='gracelimit', default=-1)
 option: Flag('raw', autofill=True, cli_name='raw', default=False)
 option: Str('setattr*', cli_name='setattr')
 option: Str('version?')
--- a/ipaserver/plugins/pwpolicy.py
+++ b/ipaserver/plugins/pwpolicy.py
@ -408,6 +408,7 @@ class pwpolicy(LDAPObject):
            minvalue=-1,
            maxvalue=Int.MAX_UINT32,
            default=-1,
+            autofill=True,
        ),
    )

@ -539,6 +540,7 @@ class pwpolicy_add(LDAPCreate):
            keys[-1], krbpwdpolicyreference=dn,
            cospriority=options.get('cospriority')
        )
+
        return dn

    def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
--- a/ipatests/test_xmlrpc/test_pwpolicy_plugin.py
+++ b/ipatests/test_xmlrpc/test_pwpolicy_plugin.py
@ -387,6 +387,7 @@ class test_pwpolicy_mod_cospriority(Declarative):
                    krbpwdhistorylength=[u'10'],
                    krbpwdmindiffchars=[u'3'],
                    krbpwdminlength=[u'8'],
+                    passwordgracelimit=[u'-1'],
                    objectclass=objectclasses.pwpolicy,
                ),
                summary=None,
@ -417,6 +418,7 @@ class test_pwpolicy_mod_cospriority(Declarative):
                    krbpwdhistorylength=[u'10'],
                    krbpwdmindiffchars=[u'3'],
                    krbpwdminlength=[u'8'],
+                    passwordgracelimit=[u'-1'],
                ),
                summary=None,
                value=u'ipausers',