freeipa/plugins at b47d6a3654ee05e5751bde8ab32934bd809a7347 - freeipa - Git Repository of IntenseWebs.com, IF.Finance, IWeb.City, NuKVM.org, OilfieldTools Network, Spartan International Drilling, Green Polymer Products & more

IntenseWebs/freeipa

mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00

Files

History

Alexander Bokovoy b47d6a3654 use LDAP Whoami command when creating an OTP token

ipa user-find --whoami is used by ipa otptoken-add to populate
ipaTokenOwner and managedBy attributes. These attributes, in turn are
checked by the self-service ACI which allows to create OTP tokens
assigned to the creator.

With 389-ds-base 1.4.0.6-2.fc28 in Fedora 28 beta there is a bug in
searches with scope 'one' that result in ipa user-find --whoami
returning 0 results.

Because ipa user-find --whoami does not work, non-admin user cannot
create a token. This is a regression that can be fixed by using LDAP
Whoami command.

LDAP Whoami command returns a string 'dn: <DN of the bind>', so we have
to strip first four characters to get actual DN.

Fixes: https://pagure.io/freeipa/issue/7456
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>

2018-03-22 11:33:17 +01:00

..

__init__.py

Change FreeIPA license to GPLv3+

2010-12-20 17:19:53 -05:00

aci.py

LGTM: raise handle_not_found()

2018-01-09 07:53:28 +01:00

automember.py

LGTM: raise handle_not_found()

2018-01-09 07:53:28 +01:00

automount.py

Reworked the renaming mechanism

2017-03-27 19:08:26 +02:00

baseldap.py

LGTM: raise handle_not_found()

2018-01-09 07:53:28 +01:00

baseuser.py

Revert "Don't allow OTP or RADIUS in FIPS mode"

2018-03-12 13:29:19 -04:00

batch.py

logging: remove object-specific loggers

2017-07-14 15:55:59 +02:00

ca.py

ldap2: fix implementation of can_add

2018-02-09 08:57:41 +01:00

caacl.py

LGTM: raise handle_not_found()

2018-01-09 07:53:28 +01:00

cert.py

cert-request: avoid internal error when cert malformed

2018-02-06 11:42:34 +01:00

certmap.py

LGTM: raise handle_not_found()

2018-01-09 07:53:28 +01:00

certprofile.py

Reuse self.api when executing ca_enabled_check

2017-01-11 15:26:20 +01:00

config.py

Processing of server roles should ignore errors.EmptyResult

2018-03-21 22:22:35 +01:00

delegation.py

remove trailing newlines form python modules

2016-10-12 10:38:52 +02:00

dns.py

ipa host-add --ip-address: properly handle NoNameservers

2018-02-12 17:30:52 +01:00

dnsserver.py

dnsserver.py: dnsserver-find no longer returns internal server error

2017-06-15 13:51:06 +02:00

dogtag.py

Use TLS for the cert-find operation

2017-09-18 11:44:08 +02:00

domainlevel.py

Check for conflict entries before raising domain level

2016-12-13 12:25:07 +01:00

group.py

LGTM: raise handle_not_found()

2018-01-09 07:53:28 +01:00

hbac.py

ipalib: move server-side plugins to ipaserver

2016-06-03 09:00:34 +02:00

hbacrule.py

LGTM: raise handle_not_found()

2018-01-09 07:53:28 +01:00

hbacsvc.py

remove trailing newlines form python modules

2016-10-12 10:38:52 +02:00

hbacsvcgroup.py

remove trailing newlines form python modules

2016-10-12 10:38:52 +02:00

hbactest.py

logging: remove object-specific loggers

2017-07-14 15:55:59 +02:00

host.py

ipa host-add: do not raise exception when reverse record not added

2018-02-23 14:39:34 +01:00

hostgroup.py

remove trailing newlines form python modules

2016-10-12 10:38:52 +02:00

idrange.py

Error message while adding idrange with untrusted domain

2018-03-15 07:31:37 +01:00

idviews.py

Idviews: fix objectclass violation on idview-add

2018-01-09 07:58:52 +01:00

internal.py

More log in verbs

2017-12-12 12:53:21 +01:00

join.py

logging: remove object-specific loggers

2017-07-14 15:55:59 +02:00

krbtpolicy.py

ipalib: move server-side plugins to ipaserver

2016-06-03 09:00:34 +02:00

ldap2.py

ldap2: fix implementation of can_add

2018-02-09 08:57:41 +01:00

location.py

DNS Location: add list of roles and DNS servers to location-show

2016-06-17 18:05:03 +02:00

migration.py

Generate same API.txt under Python 2 and 3

2018-02-15 09:41:30 +01:00

misc.py

Make env and plugins commands local again

2016-12-02 13:00:06 +01:00

netgroup.py

LGTM: raise handle_not_found()

2018-01-09 07:53:28 +01:00

otp.py

ipalib: move server-side plugins to ipaserver

2016-06-03 09:00:34 +02:00

otpconfig.py

ipalib: move server-side plugins to ipaserver

2016-06-03 09:00:34 +02:00

otptoken.py

use LDAP Whoami command when creating an OTP token

2018-03-22 11:33:17 +01:00

passwd.py

logging: remove object-specific loggers

2017-07-14 15:55:59 +02:00

permission.py

LGTM: unnecessary else in for loop

2018-01-09 07:53:28 +01:00

ping.py

ipalib: move server-side plugins to ipaserver

2016-06-03 09:00:34 +02:00

pkinit.py

pkinit: don't fail when no pkinit servers found

2017-09-12 15:59:20 +02:00

privilege.py

Reworked the renaming mechanism

2017-03-27 19:08:26 +02:00

pwpolicy.py

LGTM: raise handle_not_found()

2018-01-09 07:53:28 +01:00

rabase.py

rabase.get_certificate: make serial number arg mandatory

2017-03-07 13:24:16 +01:00

radiusproxy.py

Reworked the renaming mechanism

2017-03-27 19:08:26 +02:00

realmdomains.py

realm domains: improve doc text

2018-03-21 15:29:50 +01:00

role.py

Reworked the renaming mechanism

2017-03-27 19:08:26 +02:00

schema.py

Fixing translation problems

2018-01-31 16:03:19 +01:00

selfservice.py

remove trailing newlines form python modules

2016-10-12 10:38:52 +02:00

selinuxusermap.py

LGTM: raise handle_not_found()

2018-01-09 07:53:28 +01:00

server.py

preventing ldap principal to be deleted

2018-01-31 12:35:03 +01:00

serverrole.py

LGTM: raise handle_not_found()

2018-01-09 07:53:28 +01:00

serverroles.py

Fix ipa config-mod --ca-renewal-master

2017-09-05 14:13:46 +02:00

service.py

LGTM: raise handle_not_found()

2018-01-09 07:53:28 +01:00

servicedelegation.py

Reworked the renaming mechanism

2017-03-27 19:08:26 +02:00

session.py

logging: remove object-specific loggers

2017-07-14 15:55:59 +02:00

stageuser.py

LGTM: raise handle_not_found()

2018-01-09 07:53:28 +01:00

sudo.py

ipalib: move server-side plugins to ipaserver

2016-06-03 09:00:34 +02:00

sudocmd.py

sudocmd: fix unsupported assignment

2017-09-08 15:42:07 +02:00

sudocmdgroup.py

remove trailing newlines form python modules

2016-10-12 10:38:52 +02:00

sudorule.py

LGTM: raise handle_not_found()

2018-01-09 07:53:28 +01:00

topology.py

Fix regexp patterns in parameters to not enforce length

2016-09-20 17:35:28 +02:00

trust.py

Generate same API.txt under Python 2 and 3

2018-02-15 09:41:30 +01:00

user.py

LGTM: raise handle_not_found()

2018-01-09 07:53:28 +01:00

vault.py

Fixing vault-add-member to be compatible with py3

2018-01-24 19:09:03 +01:00

virtual.py

logging: remove object-specific loggers

2017-07-14 15:55:59 +02:00

whoami.py

whoami.py: Type error when running tests

2017-07-07 14:44:42 +02:00

xmlserver.py

Added new authentication method

2016-08-17 16:55:49 +02:00