Checks if replica-s4u2proxy.ldif should be applied

Before applying replica-s3u2proxy.ldif, we check if the values are already there. The values can be there if a replica installation was done in the past and some info was left behind. Also, the code checks the values independently. https://pagure.io/freeipa/issue/7174 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2025-02-25 18:55:28 -06:00 · 2017-10-13 09:19:43 +02:00 · 2017-10-13 09:19:43 +02:00 · 23a0453c4d
commit 23a0453c4d
parent 6c88eb8097
1 changed files with 18 additions and 1 deletions
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@ -958,7 +958,24 @@ class DsInstance(service.Service):
        self._ldap_mod("replica-prevent-time-skew.ldif", self.sub_dict)

    def __setup_s4u2proxy(self):
-        self._ldap_mod("replica-s4u2proxy.ldif", self.sub_dict)
+
+        def __add_principal(last_cn, principal, self):
+            dn = DN(('cn', last_cn), ('cn', 's4u2proxy'),
+                    ('cn', 'etc'), self.suffix)
+
+            value = '{principal}/{fqdn}@{realm}'.format(fqdn=self.fqdn,
+                                                        realm=self.realm,
+                                                        principal=principal)
+
+            entry = api.Backend.ldap2.get_entry(dn, ['memberPrincipal'])
+            try:
+                entry['memberPrincipal'].append(value)
+                api.Backend.ldap2.update_entry(entry)
+            except errors.EmptyModlist:
+                pass
+
+        __add_principal('ipa-http-delegation', 'HTTP', self)
+        __add_principal('ipa-ldap-delegation-targets', 'ldap', self)

    def __create_indices(self):
        self._ldap_mod("indices.ldif")