freeipa

IntenseWebs/freeipa

Fork 0

mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00

Commit Graph

Author	SHA1	Message	Date
Rob Crittenden	4ef8b58c26	Add UID, GID and e-mail to the user default attributes. ticket https://fedorahosted.org/freeipa/ticket/1265	2011-06-08 23:30:11 +00:00
Rob Crittenden	9cc0754b71	Add option to limit the attributes allowed in an entry. Kerberos ticket policy can update policy in a user entry. This allowed set/addattr to be used to modify attributes outside of the ticket policy perview, also bypassing all validation/normalization. Likewise the ticket policy was updatable by the user plugin bypassing all validation. Add two new LDAPObject values to control this behavior: limit_object_classes: only attributes in these are allowed disallow_object_classes: attributes in these are disallowed By default both of these lists are empty so are skipped. ticket 744	2011-05-27 13:51:37 -04:00

Author

SHA1

Message

Date

Rob Crittenden

4ef8b58c26

Add UID, GID and e-mail to the user default attributes.

ticket https://fedorahosted.org/freeipa/ticket/1265

2011-06-08 23:30:11 +00:00

Rob Crittenden

9cc0754b71

Add option to limit the attributes allowed in an entry.

Kerberos ticket policy can update policy in a user entry. This allowed
set/addattr to be used to modify attributes outside of the ticket policy
perview, also bypassing all validation/normalization. Likewise the
ticket policy was updatable by the user plugin bypassing all validation.

Add two new LDAPObject values to control this behavior:

limit_object_classes: only attributes in these are allowed
disallow_object_classes: attributes in these are disallowed

By default both of these lists are empty so are skipped.

ticket 744

2011-05-27 13:51:37 -04:00

2 Commits