diff options
-rw-r--r-- | ipaserver/install/krbinstance.py | 4 | ||||
-rw-r--r-- | ipaserver/ipaldap.py | 19 |
2 files changed, 3 insertions, 20 deletions
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index 2380d55f6..f3008c918 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py @@ -442,7 +442,9 @@ class KrbInstance(service.Service): # Create the special anonymous principal installutils.kadmin_addprinc(princ_realm) dn = DN(('krbprincipalname', princ_realm), self.get_realm_suffix()) - self.admin_conn.inactivateEntry(dn, False) + entry = self.admin_conn.get_entry(dn) + entry['nsAccountlock'] = ['TRUE'] + self.admin_conn.update_entry(entry) def __convert_to_gssapi_replication(self): repl = replication.ReplicationManager(self.realm, diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py index b4d0a5d9a..72fc4afee 100644 --- a/ipaserver/ipaldap.py +++ b/ipaserver/ipaldap.py @@ -1697,25 +1697,6 @@ class IPAdmin(LDAPClient): return modlist - def inactivateEntry(self,dn, has_key): - """Rather than deleting entries we mark them as inactive. - has_key defines whether the entry already has nsAccountlock - set so we can determine which type of mod operation to run.""" - - assert isinstance(dn, DN) - modlist = [] - - if has_key: - operation = ldap.MOD_REPLACE - else: - operation = ldap.MOD_ADD - - modlist.append((operation, "nsAccountlock", "TRUE")) - - with self.error_handler(): - self.modify_s(dn, modlist) - return True - def waitForEntry(self, dn, timeout=7200, attr='', quiet=True): filter = "(objectclass=*)" attrlist = [] |