#6568 KDB: support multi-base searches for Kerberos objects
Closed: fixed 7 years ago Opened 7 years ago by abbra.

The KDC driver deals with a number of principals and policies for them that have different meanings in the wider FreeIPA infrastructure. As a result, they might be located in different parts of the LDAP tree.

A recent change to make password policies closer to the actual objects they govern is one example. Being able to create principals via kadmin in the proper locations is another.

To make it possible to operate on different subtrees, the KDB driver needs to have an infrastructure to search over multiple bases in a predictable way.


Triage notes:

  • pull request exists
  • the pr applies it for password policies
  • we can go further and apply it for all
  • MIT doesn't allow spaces in password policy names - kadmin is affected
  • ab will create a bug, which will be then checked with MIT
  • ab: no bug is needed, MIT supports quoting spaces with double quotes, I was using the wrong policy name in the original test. Things work if a proper policy name is used
  • ab: our KDB driver does not support listing password policies, so 'getpols' command in kadmin does not work. Not a big deal right now, can be postponed.

Metadata Update from @abbra:
- Issue assigned to someone
- Issue set to the milestone: Future Releases

7 years ago

master:

  • 9f13b33 Add code to retrieve results from multiple bases
  • 2e5cc36 Add support for searching policies in cn=accounts

Metadata Update from @mbabinsk:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

7 years ago
