diff options
| author | Martin Babinsky <mbabinsk@redhat.com> | 2015-09-08 17:43:30 +0200 |
|---|---|---|
| committer | Martin Basti <mbasti@redhat.com> | 2016-06-23 09:48:06 +0200 |
| commit | 705f66f7490c64de1adc129221b31927616c485d (patch) | |
| tree | cc7138c355431ca285e076af31b5b8b0f8cbdbe8 /ipalib | |
| parent | b169a72735fccb170adb5c84ec1bcc10a70e5494 (diff) | |
| download | freeipa-705f66f7490c64de1adc129221b31927616c485d.tar.gz freeipa-705f66f7490c64de1adc129221b31927616c485d.tar.xz freeipa-705f66f7490c64de1adc129221b31927616c485d.zip | |
IPA API: set krbcanonicalname instead of ipakrbprincipalalias on new entities
Hosts, services, and (stage)-users will now have krbcanonicalname attribute
set to the same value as krbprincipalname on creation. Moreover, new services
will not have ipakrbprincipalalias set anymore.
Part of https://fedorahosted.org/freeipa/ticket/3864
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
Diffstat (limited to 'ipalib')
| -rw-r--r-- | ipalib/util.py | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/ipalib/util.py b/ipalib/util.py index 8435f7ab6..67865eb04 100644 --- a/ipalib/util.py +++ b/ipalib/util.py @@ -901,3 +901,14 @@ def validate_bind_forwarder(ugettext, forwarder): return _('%(port)s is not a valid port' % dict(port=port)) return None + + +def set_krbcanonicalname(entry_attrs): + objectclasses = set(i.lower() for i in entry_attrs['objectclass']) + + if 'krbprincipalaux' not in objectclasses: + return + + if ('krbprincipalname' in entry_attrs + and 'krbcanonicalname' not in entry_attrs): + entry_attrs['krbcanonicalname'] = entry_attrs['krbprincipalname'] |