In https://fedorahosted.org/389/ticket/534 the DS team has implemented SASL mapping priority and fallback.
We need to make use of this feature (which means change configuration of cn=config on upgrade probably) for 2 cases:
Fallback to account in cn=config for automatic recovery on initialization failures see ticket: #3214
Mapping external users like trusted users from AD trusted domain to a common placeholder entry which will allow them minimal access to IPAs LDAP server and web framework.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=910898
Move all uncompleted tickets to next month bucket.
Moving unfinished March tickets to April milestone.
Please add a design page. I think that in future this design could be also shared by #3242 and #3291.
I think it would be better to do separate design pages for #3242 and #3291, in which case a design page for this ticket should not be necessary.
The value of nsslapd-sasl-mapping-fallback is not being stored in dse.ldif. I filed 389-ds ticket https://fedorahosted.org/389/ticket/47355
Rich recommends we wait until this bug is resolved before committing this.
Replying to [comment:13 rcritten]:
The value of nsslapd-sasl-mapping-fallback is not being stored in dse.ldif. I filed 389-ds ticket https://fedorahosted.org/389/ticket/47355 Rich recommends we wait until this bug is resolved before committing this.
Ok, moving to later release.
Moving to next month bucket.
master:[[BR]] ea7db35 Enable SASL mapping fallback.[[BR]]
ipa-3-2:[[BR]] 2945bc1 Enable SASL mapping fallback.[[BR]]
Metadata Update from @simo: - Issue assigned to jcholast - Issue set to the milestone: FreeIPA 3.3 - 2013/06
Login to comment on this ticket.