Make sure ipapwd_extop takes precedence over passwd_modify_extop

DS core server provides a default plugin (passwd_modify_extop) to handle
1.3.6.1.4.1.4203.1.11.1 extended op (https://www.ietf.org/rfc/rfc3062.txt)

IPA delivers ipa_pwd_extop plugin that should take precedence over
the default DS plugin (passwd_modify_extop)

In addition make sure that slapi-nis has a low precedence

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Thierry Bordaz 2016-06-16 16:28:03 +02:00 committed by Martin Basti
parent 91d6d87ca7
commit 8192e2f8c1
3 changed files with 11 additions and 2 deletions

View File

@ -16,7 +16,7 @@ default:nsslapd-pluginid: schema-compat-plugin
# We need to run schema-compat pre-bind callback before
# other IPA pre-bind callbacks to make sure bind DN is
# rewritten to the original entry if needed
default:nsslapd-pluginprecedence: 49
default:nsslapd-pluginprecedence: 40
default:nsslapd-pluginversion: 0.8
default:nsslapd-pluginbetxn: on
default:nsslapd-pluginvendor: redhat.com

View File

@ -0,0 +1,9 @@
dn: cn=ipa_pwd_extop,cn=plugins,cn=config
# DS core server provides a default plugin (passwd_modify_extop) to handle
# 1.3.6.1.4.1.4203.1.11.1 extended op (https://www.ietf.org/rfc/rfc3062.txt)
# the pluginprecedence of the passwd_modify_extop is 50 (default value)
#
# IPA delivers ipa_pwd_extop plugin to handle that extended op
# we need to make sure ipa_pwd_extop is called and so to set a lower
# precedence value
add:nsslapd-pluginprecedence: 49

View File

@ -74,7 +74,7 @@ dn: cn=Schema Compatibility,cn=plugins,cn=config
# We need to run schema-compat pre-bind callback before
# other IPA pre-bind callbacks to make sure bind DN is
# rewritten to the original entry if needed
add:nsslapd-pluginprecedence: 49
add:nsslapd-pluginprecedence: 40
dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")