5 files changed, 30 insertions, 9 deletions

diff --git a/ipa_server/plugins/b_ldap.py b/ipa_server/plugins/b_ldap.py
index a7a3c8b35..2c65ba457 100644
--- a/ipa_server/plugins/b_ldap.py
+++ b/ipa_server/plugins/b_ldap.py
@@ -88,7 +88,7 @@ class ldap(CrudBackend):
         attribute = attribute.lower()
         object_type = None
         if attribute == "uid": # User
-            object_type = "person"
+            object_type = "posixAccount"
         elif attribute == "cn": # Group
             object_type = "posixGroup"
         elif attribute == "krbprincipalname": # Service
diff --git a/ipa_server/servercore.py b/ipa_server/servercore.py
index e69967a90..052c386b8 100644
--- a/ipa_server/servercore.py
+++ b/ipa_server/servercore.py
@@ -168,7 +168,7 @@ def get_user_by_uid(uid, sattrs):
     """Get a specific user's entry."""
     # FIXME: should accept a container to look in
 #    uid = self.__safe_filter(uid)
-    searchfilter = "(&(uid=%s)(objectclass=person))" % uid
+    searchfilter = "(&(uid=%s)(objectclass=posixAccount))" % uid
 
     return get_sub_entry("cn=accounts," + api.env.basedn, searchfilter, sattrs)
 
diff --git a/ipalib/plugins/f_host.py b/ipalib/plugins/f_host.py
index da2815480..4f4f72044 100644
--- a/ipalib/plugins/f_host.py
+++ b/ipalib/plugins/f_host.py
@@ -103,6 +103,9 @@ class host_add(crud.Add):
         The dn should not be passed as a keyword argument as it is constructed
         by this method.
 
+        If password is set then this is considered a 'bulk' host so we
+        do not create a kerberos service principal.
+
         Returns the entry as it will be created in LDAP.
 
         :param hostname: The name of the host being added.
@@ -110,27 +113,39 @@ class host_add(crud.Add):
         """
         assert 'cn' not in kw
         assert 'dn' not in kw
+        assert 'krbprincipalname' not in kw
         ldap = self.api.Backend.ldap
 
         kw['cn'] = hostname
         kw['serverhostname'] = hostname.split('.',1)[0]
         kw['dn'] = ldap.make_host_dn(hostname)
-        kw['krbPrincipalName'] = "host/%s@%s" % (hostname, self.api.env.realm)
 
         # FIXME: do a DNS lookup to ensure host exists
 
         current = util.get_current_principal()
         if not current:
             raise errors.NotFound('Unable to determine current user')
-        kw['enrolledBy'] = ldap.find_entry_dn("krbPrincipalName", current, "person")
+        kw['enrolledby'] = ldap.find_entry_dn("krbPrincipalName", current, "posixAccount")
 
         # Get our configuration
         config = ldap.get_ipa_config()
 
         # some required objectclasses
         # FIXME: add this attribute to cn=ipaconfig
-        #kw['objectClass'] =  config.get('ipahostobjectclasses')
-        kw['objectClass'] = ['nsHost', 'krbPrincipalAux', 'ipaHost']
+        #kw['objectclass'] =  config.get('ipahostobjectclasses')
+        kw['objectclass'] = ['nsHost', 'ipaHost']
+
+        # Ensure the list of objectclasses is lower-case
+        kw['objectclass'] = map(lambda z: z.lower(), kw.get('objectclass'))
+
+        if not kw.get('userpassword', False):
+            kw['krbprincipalname'] = "host/%s@%s" % (hostname, self.api.env.realm)
+
+            if 'krbprincipalaux' not in kw.get('objectclass'):
+               kw['objectclass'].append('krbprincipalaux')
+        else:
+            if 'krbprincipalaux' in kw.get('objectclass'):
+                kw['objectclass'].remove('krbprincipalaux')
 
         return ldap.create(**kw)
     def output_for_cli(self, ret):
diff --git a/ipalib/plugins/f_passwd.py b/ipalib/plugins/f_passwd.py
index f70eacac8..7b424a3bc 100644
--- a/ipalib/plugins/f_passwd.py
+++ b/ipalib/plugins/f_passwd.py
@@ -60,7 +60,7 @@ class passwd(frontend.Command):
             else:
                 principal = principal
 
-        dn = ldap.find_entry_dn("krbprincipalname", principal, "person")
+        dn = ldap.find_entry_dn("krbprincipalname", principal, "posixAccount")
 
         # FIXME: we need a way to prompt for passwords using getpass
         kw['newpass'] = "password"
diff --git a/ipalib/plugins/f_service.py b/ipalib/plugins/f_service.py
index 38c80ad2b..9e9cec538 100644
--- a/ipalib/plugins/f_service.py
+++ b/ipalib/plugins/f_service.py
@@ -110,7 +110,7 @@ class service_add(crud.Add):
 
     def output_to_cli(self, ret):
         if ret:
-            print "Service added" 
+            print "Service added"
 
 api.register(service_add)
 
@@ -146,7 +146,7 @@ class service_find(crud.Find):
     def execute(self, principal, **kw):
         ldap = self.api.Backend.ldap
 
-        kw['filter'] = "&(objectclass=krbPrincipalAux)(!(objectClass=person))(!(|(krbprincipalname=kadmin/*)(krbprincipalname=K/M@*)(krbprincipalname=krbtgt/*)))"
+        kw['filter'] = "&(objectclass=krbPrincipalAux)(!(objectClass=posixAccount))(!(|(krbprincipalname=kadmin/*)(krbprincipalname=K/M@*)(krbprincipalname=krbtgt/*)))"
         kw['krbprincipalname'] = principal
 
         object_type = ldap.get_object_type("krbprincipalname")
@@ -193,5 +193,11 @@ class service_show(crud.Get):
         dn = ldap.find_entry_dn("krbprincipalname", principal)
         # FIXME: should kw contain the list of attributes to display?
         return ldap.retrieve(dn)
+    def output_for_cli(self, service):
+        if not service:
+            return
+
+        for a in service.keys():
+            print "%s: %s" % (a, service[a])
 
 api.register(service_show)