Description of problem:
This is in the context of IPA.
I have an extended operation plugin that implements password policy using the kerberos password policy attributes. I wanted to add a Class of Service template so I could do per-group policy based on memberOf. So I created the CoS templates and verified that a user in the group had the right value.
The CoS looks like this:
dn: cn=Password Policy,cn=accounts,dc=example,dc=com
description: Password Policy based on group membership
dn: cn="cn=group1,cn=groups,cn=accounts,dc=example,dc=com", cn=cosTemplates,cn=accounts,dc=example,dc=com
And to be sure that the attr is there:
% ldapsearch -x -b "dc=example,dc=com" uid=tuser1 krbPwdPolicyReference
Ok. So in my extended op plugin I want to pull the right policy so I first look in the entry for the krbPwdPolicyReference attribute.
I'm getting the entry with slapi_search_internal_get_entry() and explicitly including the attribute in the attrlist. I've tried both with the attribute as operational and not.
It appears that CoS isn't getting fired off on internal searches.
Note that I also tried with nsAccountLock but we have a similar CoS template for that. I had the same results, no attribute returned.
Version-Release number of selected component (if applicable):
After reviewing the code, I think this is not a bug. In order to get the value of virtual attributes, you have to use the vattr interfaces like slapi_vattr_values_get()/slapi_vattr_values_free(). Closing as not a bug. Please reopen it if necessary.