Don't allow the IPA server service principals to be removed.

440282
author: Rob Crittenden <rcritten@redhat.com> 2008-04-25 17:01:31 -0400
committer: Rob Crittenden <rcritten@redhat.com> 2008-05-08 12:57:31 -0400
commit: 24f43bc8467f1ded94aec03e00f05138de563ee8 (patch)
tree: abc77263aee9eec101deb49dc4f68a8454619c6f /ipa-server/xmlrpc-server
parent: 2bb64e404c9d96532b5619b5801532d96f4ebb1f (diff)
download: freeipa-24f43bc8467f1ded94aec03e00f05138de563ee8.tar.gz
freeipa-24f43bc8467f1ded94aec03e00f05138de563ee8.tar.xz
freeipa-24f43bc8467f1ded94aec03e00f05138de563ee8.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index 74a3030c8..d83fed09e 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -1974,6 +1974,9 @@ class IPAServer:
         entry = self.get_entry_by_dn(principal, ['dn', 'objectclass'], opts)
         if entry is None:
             raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
+        dn_list = ldap.explode_dn(entry['dn'].lower())
+        if "cn=kerberos" in dn_list:
+            raise ipaerror.gen_exception(ipaerror.INPUT_SERVICE_PRINCIPAL_REQUIRED)
 
         conn = self.getConnection(opts)
         try:
author	Rob Crittenden <rcritten@redhat.com>	2008-04-25 17:01:31 -0400
committer	Rob Crittenden <rcritten@redhat.com>	2008-05-08 12:57:31 -0400
commit	24f43bc8467f1ded94aec03e00f05138de563ee8 (patch)
tree	abc77263aee9eec101deb49dc4f68a8454619c6f /ipa-server/xmlrpc-server
parent	2bb64e404c9d96532b5619b5801532d96f4ebb1f (diff)
download	freeipa-24f43bc8467f1ded94aec03e00f05138de563ee8.tar.gz freeipa-24f43bc8467f1ded94aec03e00f05138de563ee8.tar.xz freeipa-24f43bc8467f1ded94aec03e00f05138de563ee8.zip