diff options
author | Martin Kosek <mkosek@redhat.com> | 2012-10-01 16:49:34 +0200 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-10-02 15:17:42 -0400 |
commit | 0c2d0bb2b0f6b56f57b592ffc8784a0dfa1c9a48 (patch) | |
tree | a936c43b8313ac0bbf4d284aefc40fce716372b9 /ipalib | |
parent | 682edbf2152aa2dce2f6350226bffc6ebc2526c1 (diff) | |
download | freeipa-0c2d0bb2b0f6b56f57b592ffc8784a0dfa1c9a48.tar.gz freeipa-0c2d0bb2b0f6b56f57b592ffc8784a0dfa1c9a48.tar.xz freeipa-0c2d0bb2b0f6b56f57b592ffc8784a0dfa1c9a48.zip |
Fill ipakrbprincipalalias on upgrades
From IPA 3.0, services have by default ipakrbprincipal objectclass which
allows ipakrbprincipalalias attribute used for case-insensitive principal
searches. However, services created in previous version do not have
this objectclass (and attribute) and thus case-insensitive searches
may return inconsistent results.
Fill ipakrbprincipalalias on upgrades for all 2.x services. Also treat
Treat the ipakrbprincipal as optional to avoid missing services in
service-find command if the upgrade fails for any reason.
https://fedorahosted.org/freeipa/ticket/3106
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/service.py | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py index 120eb607..a3d436e6 100644 --- a/ipalib/plugins/service.py +++ b/ipalib/plugins/service.py @@ -221,8 +221,9 @@ class service(LDAPObject): object_name_plural = _('services') object_class = [ 'krbprincipal', 'krbprincipalaux', 'krbticketpolicyaux', 'ipaobject', - 'ipaservice', 'pkiuser', 'ipakrbprincipal' + 'ipaservice', 'pkiuser' ] + possible_objectclasses = ['ipakrbprincipal'] search_attributes = ['krbprincipalname', 'managedby', 'ipakrbauthzdata'] default_attributes = ['krbprincipalname', 'usercertificate', 'managedby', 'ipakrbauthzdata',] @@ -327,6 +328,10 @@ class service_add(LDAPCreate): # schema entry_attrs['ipakrbprincipalalias'] = keys[-1] + # Objectclass ipakrbprincipal providing ipakrbprincipalalias is not in + # in a list of default objectclasses, add it manually + entry_attrs['objectclass'].append('ipakrbprincipal') + return dn api.register(service_add) |