freeipa

IntenseWebs/freeipa

Fork 0

mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-11 08:41:55 -06:00

Commit Graph

Author	SHA1	Message	Date
Rob Crittenden	9cc0754b71	Add option to limit the attributes allowed in an entry. Kerberos ticket policy can update policy in a user entry. This allowed set/addattr to be used to modify attributes outside of the ticket policy perview, also bypassing all validation/normalization. Likewise the ticket policy was updatable by the user plugin bypassing all validation. Add two new LDAPObject values to control this behavior: limit_object_classes: only attributes in these are allowed disallow_object_classes: attributes in these are disallowed By default both of these lists are empty so are skipped. ticket 744	2011-05-27 13:51:37 -04:00

Author

SHA1

Message

Date

Rob Crittenden

9cc0754b71

Add option to limit the attributes allowed in an entry.

Kerberos ticket policy can update policy in a user entry. This allowed
set/addattr to be used to modify attributes outside of the ticket policy
perview, also bypassing all validation/normalization. Likewise the
ticket policy was updatable by the user plugin bypassing all validation.

Add two new LDAPObject values to control this behavior:

limit_object_classes: only attributes in these are allowed
disallow_object_classes: attributes in these are disallowed

By default both of these lists are empty so are skipped.

ticket 744

2011-05-27 13:51:37 -04:00

1 Commits