ipa-kdb: Fix legacy password hashes generation

We were not searching for objectclass so the test to se if a user had the posixAccount attribute was failing and the user was not marked as ipa_user. This in turn caused us to not synchronize legacy hashes by not trying to store the userPassword attribute. Fixes: https://fedorahosted.org/freeipa/ticket/1820
2025-02-25 18:55:28 -06:00 · 2011-09-19 15:53:17 -04:00
parent 95b85f907b
commit f28ab8351f
2 changed files with 2 additions and 3 deletions
--- a/daemons/ipa-kdb/ipa_kdb_passwords.c
+++ b/daemons/ipa-kdb/ipa_kdb_passwords.c
@@ -283,9 +283,7 @@ krb5_error_code ipadb_get_pwd_expiration(krb5_context context,
    krb5_principal mod_princ = NULL;
    krb5_boolean truexp = true;

-
-    /* Assume all principals with just one component as user principals */
-    if (entry->princ->length == 1) {
+    if (ied->ipa_user) {
        kerr = krb5_dbe_lookup_mod_princ_data(context, entry,
                                              &mod_time, &mod_princ);
        if (kerr) {
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -53,6 +53,7 @@ static char *std_principal_attrs[] = {
    "nsaccountlock",
    "passwordHistory",

+    "objectClass",
    NULL
 };