IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
d6d413628bcf1141bc7f91a4127305dc1da194ea
freeipa/ipapython
History
Rob Crittenden ba526c5cb0 Don't store entries with a usercertificate in the LDAP cache 
usercertificate often has a subclass and both the plain and
subclassed (binary) values are queried. I'm concerned that
they are used more or less interchangably in places so not
caching these entries is the safest path forward for now until
we can dedicate the time to find all usages, determine their
safety and/or perhaps handle this gracefully within the cache
now.

What we see in this bug is that usercertificate;binary holds the
first certificate value but a user-mod is done with
setattr usercertificate=<new_cert>. Since there is no
usercertificate value (remember, it's usercertificate;binary)
a replace is done and 389-ds wipes the existing value as we've
asked it to.

I'm not comfortable with simply treating them the same because
in LDAP they are not.

https://pagure.io/freeipa/issue/8986

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2021-09-16 13:16:17 -04:00
..
install
pylint: Fix several warnings
2021-03-30 09:58:42 +02:00
__init__.py
Rename ipa-python directory to ipapython so it is a real python library
2009-02-09 14:35:15 -05:00
admintool.py
Treat container subplatforms like main platform
2020-08-07 17:54:06 +03:00
certdb.py
When loading certificates verify that it is X.509 v3
2021-06-14 15:19:42 -04:00
config.py
Unify access to FQDN
2020-10-26 17:11:19 +11:00
cookie.py
handle Y2038 in timestamp to datetime conversions
2020-06-25 09:18:02 +03:00
directivesetter.py
Grammar: whitespace is a word
2020-06-23 10:16:29 +02:00
dn_ctypes.py
Load libldap_r-*.so.2
2019-05-14 12:27:55 +02:00
dn.py
Removes several pylint warnings.
2019-09-27 09:38:32 +02:00
dnsutil.py
dnsutil: Improvements for IPA DNS Resolver
2021-05-25 10:45:49 +03:00
dogtag.py
Parse cert chain as JSON not XML
2021-08-09 08:44:52 +02:00
errors.py
Replace StandardError with Exception
2015-09-30 10:51:36 +02:00
fqdn.py
Easier to use ipa_gethostfqdn()
2020-10-26 17:11:19 +11:00
graph.py
Py3: Remove subclassing from object
2018-09-27 11:49:04 +02:00
ipa_log_manager.py
Remove deprecated object logger
2019-04-23 12:55:35 +02:00
ipachangeconf.py
Fixed errors newly exposed by pylint 2.4.0
2019-09-25 20:14:06 +10:00
ipaldap.py
Don't store entries with a usercertificate in the LDAP cache
2021-09-16 13:16:17 -04:00
ipautil.py
trust-fetch-domains: use custom krb5.conf overlay for all trust operations
2021-01-22 12:21:33 -05:00
ipavalidate.py
Change FreeIPA license to GPLv3+
2010-12-20 17:19:53 -05:00
kerberos.py
Py3: Replace six.bytes_type with bytes
2018-09-27 16:11:18 +02:00
kernel_keyring.py
Don't configure KEYRING ccache in containers
2019-01-18 11:33:11 +01:00
Makefile.am
ipapython: fix DEFAULT_PLUGINS in version.py
2017-03-09 18:39:48 +01:00
nsslib.py
Remove ipapython.nsslib as it is not used anymore
2017-03-01 09:43:41 +00:00
README
Replace DNS client based on acutil with python-dns
2012-05-24 13:55:56 +02:00
session_storage.py
Fix pylint warnings inconsistent-return-statements
2017-12-18 11:51:14 +01:00
setup.cfg
Port all setup.py to setuptools
2016-10-20 18:43:37 +02:00
setup.py
Add helpers for resolve1 and nameservers
2020-09-23 16:44:26 +02:00
ssh.py
Allow multiple permitopen/permitlisten in SSH keys
2021-03-29 10:06:07 +03:00
version.py.in
Manually reformat ipapython/version.py.in
2020-05-05 10:42:46 +02:00

README 

This is a set of libraries common to IPA clients and servers though mostly
geared currently towards command-line tools.

A brief overview:

config.py - identify the IPA server domain and realm. It uses python-dns to
            try to detect this information first and will fall back to
            /etc/ipa/default.conf if that fails.

ipautil.py - helper functions

entity.py - entity is the main data type. User and Group extend this class
            (but don't add anything currently).

ipavalidate.py - basic data validation routines