#5356 [RFE] Allow handling of enterprise principal for the local realm
Opened 8 years ago by sbose. Modified 7 years ago

Currently the handling of enterprise principals from the local realm is rejected in ipadb_is_princ_from_trusted_realm(). But if the request is sent from a client in an AD domain, the AD DC tends to add a lower-case version of the realm instead of the correct upper-case version, e.g. user\@IPA.DOMAIN@ipa.domain.

Since the IPA KDC correctly handles the realm case-sensitively, it does not recognize that it is a principal from the local realm and hands the processing down to the KDB driver. If ipadb_is_princ_from_trusted_realm() detects the local realm, it should be checked whether the principal exists in the database, and the needed entry should be returned if it was found.


Metadata Update from @sbose:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5 backlog

7 years ago
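The realm check described in the ticket, as an added example that is not FreeIPA code and not part of the original ticket: it splits the unparsed enterprise principal quoted above and shows that a case-sensitive comparison misses the local realm while a case-insensitive one finds it. The names `classify_enterprise`, `realm_eq` and `princ_class` are hypothetical, and the code assumes the only escaped character is the `@` inside the name.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

enum princ_class { PRINC_INVALID, PRINC_LOCAL, PRINC_OTHER };

/* Compare a length-delimited realm with a NUL-terminated reference realm. */
static int realm_eq(const char *r, size_t len, const char *ref, int ignore_case)
{
    if (len != strlen(ref))
        return 0;
    return (ignore_case ? strncasecmp(r, ref, len) : strncmp(r, ref, len)) == 0;
}

/* Split "user\@INNER.REALM@outer.realm" and classify it against local_realm.
 * On success, user receives the part before the escaped '@'. */
enum princ_class classify_enterprise(const char *princ, const char *local_realm,
                                     int ignore_case, char *user, size_t user_len)
{
    const char *esc = strstr(princ, "\\@");      /* escaped '@' inside the name */
    if (esc == NULL || esc == princ)
        return PRINC_INVALID;
    const char *inner = esc + 2;
    const char *outer_at = strchr(inner, '@');   /* separator before the request realm */
    if (outer_at == NULL || outer_at == inner || outer_at[1] == '\0')
        return PRINC_INVALID;
    if ((size_t)(esc - princ) >= user_len)       /* refuse to truncate the name */
        return PRINC_INVALID;
    memcpy(user, princ, (size_t)(esc - princ));
    user[esc - princ] = '\0';

    /* Local only if the realm inside the name and the request realm both
     * name the local realm under the chosen comparison. */
    if (realm_eq(inner, (size_t)(outer_at - inner), local_realm, ignore_case) &&
        realm_eq(outer_at + 1, strlen(outer_at + 1), local_realm, ignore_case))
        return PRINC_LOCAL;
    return PRINC_OTHER;
}

int main(void)
{
    char user[64];
    const char *p = "user\\@IPA.DOMAIN@ipa.domain";  /* form quoted in the ticket */
    printf("case-sensitive:   %d\n", classify_enterprise(p, "IPA.DOMAIN", 0, user, sizeof(user)));
    printf("case-insensitive: %d\n", classify_enterprise(p, "IPA.DOMAIN", 1, user, sizeof(user)));
    return 0;
}
```

A caller that gets `PRINC_LOCAL` would then look up `user` in the local database and return the entry only if it exists, as the ticket requests.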
