don't attempt to store Kerberos principal data in LDAP; this is not the current Kerberos backend used

master
Jeremy Roman 9 years ago
parent a4ebb86d18
commit 59194475a6
  1. 16
      src/ldap.c
  2. 2
      src/ldap.h
  3. 2
      src/op-adduser.c

@ -170,7 +170,7 @@ int ceo_add_group_sudo(char *group, char *basedn) {
return ret;
}
int ceo_add_user(char *uid, char *basedn, char *objclass, char *cn, char *home, char *principal, char *shell, int no, ...) {
int ceo_add_user(char *uid, char *basedn, char *objclass, char *cn, char *home, char *shell, int no, ...) {
va_list args;
if (!uid || !basedn || !cn || !home || !shell)
@ -188,11 +188,6 @@ int ceo_add_user(char *uid, char *basedn, char *objclass, char *cn, char *home,
char *objectClasses[] = { "top", "account", "posixAccount", "shadowAccount", NULL, NULL, NULL, NULL };
if (objclass != NULL)
objectClasses[classes++] = objclass;
if (principal) {
objectClasses[classes++] = "krbPrincipalAux";
objectClasses[classes++] = "krbTicketPolicyAux";
}
mods[i]->mod_values = objectClasses;
mods[++i] = xmalloc(sizeof(LDAPMod));
@ -232,15 +227,6 @@ int ceo_add_user(char *uid, char *basedn, char *objclass, char *cn, char *home,
char *homeDirectory[] = { home, NULL };
mods[i]->mod_values = homeDirectory;
if (principal) {
mods[++i] = xmalloc(sizeof(LDAPMod));
mods[i]->mod_op = LDAP_MOD_ADD;
mods[i]->mod_type = "krbPrincipalName";
vals[i][0] = principal;
vals[i][1] = NULL;
mods[i]->mod_values = vals[i];
}
va_start(args, no);
char *attr;
while ((attr = va_arg(args, char *))) {
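Review bot: `objectClasses` in the second hunk still carries four trailing `NULL` slots, although with the `krbPrincipalAux`/`krbTicketPolicyAux` branch removed the only visible append left is `objclass`. Trimming the initializer to one spare slot plus the terminator, `char *objectClasses[] = { "top", "account", "posixAccount", "shadowAccount", NULL, NULL };`, would make the array match what the code can write. A short comment beside it, such as `/* one optional class + NULL terminator */`, would record the invariant for whoever next adds a `classes++`. ceo_add_user starts and ends outside these hunks, so confirm no other statement appends to the array before shrinking it.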

@ -1,6 +1,6 @@
#define LDAP_DEFAULT_PROTOCOL LDAP_VERSION3
int ceo_add_user(char *, char *, char *, char *, char *, char *, char *, int, ...);
int ceo_add_user(char *, char *, char *, char *, char *, char *, int, ...);
int ceo_add_group(char *, char *, int);
int ceo_add_group_sudo(char *, char *);
int ceo_new_uid(int, int);
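Review bot: The `ceo_add_user` prototype is still declared with unnamed parameters, so after this change it reads as six indistinguishable `char *` followed by `int, ...`, and nothing in the header says which positional argument was dropped. A stale call that still passes `principal` would put a pointer in the `int` slot, which many C compilers report only as a warning, and the integer id would then be read as a `char *` by the variadic loop. Naming the parameters makes a mismatch visible at the call site: `int ceo_add_user(char *uid, char *basedn, char *objclass, char *cn, char *home, char *shell, int no, ...);`. Building with `-Werror=int-conversion` would turn any missed caller into a hard error.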

@ -163,7 +163,7 @@ static int32_t addmember(Ceo__AddUser *in, Ceo__AddUserResponse *out) {
if ((krb_stat = ceo_del_princ(in->username)))
return response_message(out, EEXIST, "unable to overwrite orphaned kerberos principal %s", in->username);
if ((user_stat = ceo_add_user(in->username, ldap_users_base, "member", in->realname, homedir, principal,
if ((user_stat = ceo_add_user(in->username, ldap_users_base, "member", in->realname, homedir,
member_shell, id, "program", in->program, NULL)))
return response_message(out, ELDAP, "unable to create ldap account %s", in->username);
response_message(out, 0, "successfully created ldap account");
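Review bot: The variadic tail of the new `ceo_add_user(...)` call is terminated with a bare `NULL`, while the callee reads each trailing argument with `va_arg(args, char *)`. Where `NULL` is defined as the integer constant `0`, an `int` is passed and a pointer is read, which is undefined behaviour and on LP64 targets can leave the terminator looking non-null. Passing a typed sentinel removes the dependency on how the platform defines `NULL`: `member_shell, id, "program", in->program, (char *)NULL)))`. addmember's body continues outside this hunk, so it is also worth checking whether the local `principal` still has any use now that it is no longer passed here.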
