[Freeipa-devel] [PATCH 0064] Do not check userPassword with 7-bit plugin
Jan Cholasta
jcholast at redhat.com
Mon Jun 3 12:59:52 UTC 2013
On 3.6.2013 14:55, Martin Kosek wrote:
> On 06/03/2013 01:32 PM, Jan Cholasta wrote:
>> Hi,
>>
>> On 3.6.2013 13:10, Tomas Babej wrote:
>>> Hi,
>>>
>>> Default list of attributes that are checked with 7-bit plugin
>>> for being 7-bit clean includes userPassword. Consecutively, one
>>> is unable to set passwords that contain non-ascii characters.
>>>
>>> https://fedorahosted.org/freeipa/ticket/3640
>>>
>>> Tomas
>>>
>>
>> what is the idea behind this:
>>
>> +replace:nsslapd-pluginarg2:userpassword::mail
>>
>> why not use remove instead of replace?
>
> Because of https://fedorahosted.org/389/ticket/47370, I found - DS would crash.
>
> In this update, I would like to operate only with this one attribute to avoid
> shifting the whole nsslapd-pluginargX array if we chose to remove
> nsslapd-pluginarg2.
>
> I thought that the safest approach would be to simply replace
> nsslapd-pluginarg2 with an already checked value, thus creating a safe NOOP.
> But I am open to other values leading to not checking userPassword attribute +
> changing nsslapd-pluginarg2 only.
>
> Martin
>
I see. Anyway, I think there should be a comment in the update file
explaining why replace is necessary.
--
Jan Cholasta
More information about the Freeipa-devel
mailing list