IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fill ipakrbprincipalalias on upgrades

Browse Source 
From IPA 3.0, services have by default ipakrbprincipal objectclass which
allows ipakrbprincipalalias attribute used for case-insensitive principal
searches. However, services created in previous version do not have
this objectclass (and attribute) and thus case-insensitive searches
may return inconsistent results.

Fill ipakrbprincipalalias on upgrades for all 2.x services. Also treat
Treat the ipakrbprincipal as optional to avoid missing services in
service-find command if the upgrade fails for any reason.

https://fedorahosted.org/freeipa/ticket/3106
This commit is contained in:
Martin Kosek
2012-10-01 16:49:34 +02:00
committed by Rob Crittenden
parent 682edbf215
commit 0c2d0bb2b0
3 changed files with 102 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
ipalib/plugins/service.py
View File

@@ -221,8 +221,9 @@ class service(LDAPObject):
object_name_plural = _('services')
object_class = [
'krbprincipal', 'krbprincipalaux', 'krbticketpolicyaux', 'ipaobject',
'ipaservice', 'pkiuser', 'ipakrbprincipal'
'ipaservice', 'pkiuser'
]
possible_objectclasses = ['ipakrbprincipal']
search_attributes = ['krbprincipalname', 'managedby', 'ipakrbauthzdata']
default_attributes = ['krbprincipalname', 'usercertificate', 'managedby',
'ipakrbauthzdata',]
@@ -327,6 +328,10 @@ class service_add(LDAPCreate):
# schema
entry_attrs['ipakrbprincipalalias'] = keys[-1]
# Objectclass ipakrbprincipal providing ipakrbprincipalalias is not in
# in a list of default objectclasses, add it manually
entry_attrs['objectclass'].append('ipakrbprincipal')
return dn
api.register(service_add)