From 0c2d0bb2b0f6b56f57b592ffc8784a0dfa1c9a48 Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Mon, 1 Oct 2012 16:49:34 +0200 Subject: Fill ipakrbprincipalalias on upgrades From IPA 3.0, services have by default ipakrbprincipal objectclass which allows ipakrbprincipalalias attribute used for case-insensitive principal searches. However, services created in previous version do not have this objectclass (and attribute) and thus case-insensitive searches may return inconsistent results. Fill ipakrbprincipalalias on upgrades for all 2.x services. Also treat Treat the ipakrbprincipal as optional to avoid missing services in service-find command if the upgrade fails for any reason. https://fedorahosted.org/freeipa/ticket/3106 --- ipalib/plugins/service.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'ipalib/plugins') diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py index 120eb607..a3d436e6 100644 --- a/ipalib/plugins/service.py +++ b/ipalib/plugins/service.py @@ -221,8 +221,9 @@ class service(LDAPObject): object_name_plural = _('services') object_class = [ 'krbprincipal', 'krbprincipalaux', 'krbticketpolicyaux', 'ipaobject', - 'ipaservice', 'pkiuser', 'ipakrbprincipal' + 'ipaservice', 'pkiuser' ] + possible_objectclasses = ['ipakrbprincipal'] search_attributes = ['krbprincipalname', 'managedby', 'ipakrbauthzdata'] default_attributes = ['krbprincipalname', 'usercertificate', 'managedby', 'ipakrbauthzdata',] @@ -327,6 +328,10 @@ class service_add(LDAPCreate): # schema entry_attrs['ipakrbprincipalalias'] = keys[-1] + # Objectclass ipakrbprincipal providing ipakrbprincipalalias is not in + # in a list of default objectclasses, add it manually + entry_attrs['objectclass'].append('ipakrbprincipal') + return dn api.register(service_add) -- cgit