IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

keep setting ipakrbprincipal objectclass on new service entries

Browse Source 
this is required for replica promotion to work, since the ACI allowing hosts
to add their own services uses this objectclass as target filter.

This partially reverts changes from commit
705f66f749

https://fedorahosted.org/freeipa/ticket/5996

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
This commit is contained in:
Martin Babinsky
2016-06-27 08:48:29 +02:00
committed by Martin Basti
parent 7bf3b1d546
commit 7b8247a485
3 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
ipaserver/plugins/service.py
View File

@@ -576,6 +576,15 @@ class service_add(LDAPCreate):
if not 'managedby' in entry_attrs:
entry_attrs['managedby'] = hostresult['dn']
# Enforce ipaKrbPrincipalAlias to aid case-insensitive searches
# as krbPrincipalName/krbCanonicalName are case-sensitive in Kerberos
# schema
entry_attrs['ipakrbprincipalalias'] = keys[-1]
# Objectclass ipakrbprincipal providing ipakrbprincipalalias is not in
# in a list of default objectclasses, add it manually
entry_attrs['objectclass'].append('ipakrbprincipal')
# set krbcanonicalname attribute to enable principal canonicalization
util.set_krbcanonicalname(entry_attrs)