author | Martin Babinsky <mbabinsk@redhat.com> | 2016-06-27 08:48:29 +0200 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-06-27 13:38:07 +0200 |
commit | 7b8247a485081a6f1f5201e286ac17228f976355 (patch) | |
tree | 651c6afa1684c240cf4f586b358f6013e3b33293 | |
parent | 7bf3b1d546f22eeb61dce58cb69d471f834b8aac (diff) | |
keep setting ipakrbprincipal objectclass on new service entries
this is required for replica promotion to work, since the ACI allowing hosts
to add their own services uses this objectclass as target filter.
This partially reverts changes from commit
705f66f7490c64de1adc129221b31927616c485d
https://fedorahosted.org/freeipa/ticket/5996
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
-rw-r--r-- | ipaserver/plugins/service.py | 9 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/objectclasses.py | 1 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_service_plugin.py | 4 |
3 files changed, 13 insertions, 1 deletions
diff --git a/ipaserver/plugins/service.py b/ipaserver/plugins/service.py index cb9952d44..701314f8d 100644 --- a/ipaserver/plugins/service.py +++ b/ipaserver/plugins/service.py @@ -576,6 +576,15 @@ class service_add(LDAPCreate): if not 'managedby' in entry_attrs: entry_attrs['managedby'] = hostresult['dn'] + # Enforce ipaKrbPrincipalAlias to aid case-insensitive searches + # as krbPrincipalName/krbCanonicalName are case-sensitive in Kerberos + # schema + entry_attrs['ipakrbprincipalalias'] = keys[-1] + + # Objectclass ipakrbprincipal providing ipakrbprincipalalias is not in + # in a list of default objectclasses, add it manually + entry_attrs['objectclass'].append('ipakrbprincipal') + # set krbcanonicalname attribute to enable principal canonicalization util.set_krbcanonicalname(entry_attrs) diff --git a/ipatests/test_xmlrpc/objectclasses.py b/ipatests/test_xmlrpc/objectclasses.py index 7050de289..134a08803 100644 --- a/ipatests/test_xmlrpc/objectclasses.py +++ b/ipatests/test_xmlrpc/objectclasses.py @@ -100,6 +100,7 @@ service = [ u'ipaobject', u'ipaservice', u'pkiuser', + u'ipakrbprincipal', u'top', ] diff --git a/ipatests/test_xmlrpc/test_service_plugin.py b/ipatests/test_xmlrpc/test_service_plugin.py index 3009521c3..f22824f9a 100644 --- a/ipatests/test_xmlrpc/test_service_plugin.py +++ b/ipatests/test_xmlrpc/test_service_plugin.py @@ -239,6 +239,7 @@ class test_service(Declarative): result=dict( dn=service1dn, krbprincipalname=[service1], + ipakrbprincipalalias=[service1], krbcanonicalname=[service1], objectclass=objectclasses.service, ipauniqueid=[fuzzy_uuid], @@ -301,7 +302,8 @@ class test_service(Declarative): dict( dn=service1dn, krbprincipalname=[service1], - krbcanonicalname=service1, + ipakrbprincipalalias=[service1], + krbcanonicalname=[service1], objectclass=objectclasses.service, ipauniqueid=[fuzzy_uuid], has_keytab=False, |
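Review bot: The comment above `entry_attrs['objectclass'].append('ipakrbprincipal')` in the service.py hunk does not record why the objectclass has to stay. According to the commit message, the ACI that lets hosts add their own services uses it as target filter, and that is the dependency the earlier cleanup broke. I would reword it to `# ipakrbprincipal is not a default objectclass, but the ACI that lets hosts add` / `# their own services uses it as target filter; do not remove it`, which also fixes the duplicated "in in". The append is unconditional, so if a caller can already place this value in `entry_attrs['objectclass']` (not visible here) the entry would carry it twice; a membership check before appending would avoid that. The enclosing method of service_add starts and ends outside the hunk.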
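Review bot: The updated expectations in test_service_plugin.py only check that `ipakrbprincipalalias` and the `ipakrbprincipal` objectclass appear on the returned entry; nothing visible in these hunks exercises the case the commit is about, a host principal adding its own service under the ACI. A regression test that runs service-add while authenticated as the host would catch a future removal of the objectclass as an access-control failure rather than only as an attribute mismatch, assuming the suite can run commands with host credentials. The second hunk (at line 301) also changes `krbcanonicalname=service1` to `[service1]`, an unrelated expectation fix that the commit message should mention. Both expected-result dictionaries continue outside the hunks.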