don't attempt to store Kerberos principal data in LDAP; this is not the current Kerberos backend used
parent
a4ebb86d18
commit
59194475a6
16
src/ldap.c
16
src/ldap.c
|
@ -170,7 +170,7 @@ int ceo_add_group_sudo(char *group, char *basedn) {
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
int ceo_add_user(char *uid, char *basedn, char *objclass, char *cn, char *home, char *principal, char *shell, int no, ...) {
|
int ceo_add_user(char *uid, char *basedn, char *objclass, char *cn, char *home, char *shell, int no, ...) {
|
||||||
va_list args;
|
va_list args;
|
||||||
|
|
||||||
if (!uid || !basedn || !cn || !home || !shell)
|
if (!uid || !basedn || !cn || !home || !shell)
|
||||||
|
@ -188,11 +188,6 @@ int ceo_add_user(char *uid, char *basedn, char *objclass, char *cn, char *home,
|
||||||
char *objectClasses[] = { "top", "account", "posixAccount", "shadowAccount", NULL, NULL, NULL, NULL };
|
char *objectClasses[] = { "top", "account", "posixAccount", "shadowAccount", NULL, NULL, NULL, NULL };
|
||||||
if (objclass != NULL)
|
if (objclass != NULL)
|
||||||
objectClasses[classes++] = objclass;
|
objectClasses[classes++] = objclass;
|
||||||
if (principal) {
|
|
||||||
objectClasses[classes++] = "krbPrincipalAux";
|
|
||||||
objectClasses[classes++] = "krbTicketPolicyAux";
|
|
||||||
|
|
||||||
}
|
|
||||||
mods[i]->mod_values = objectClasses;
|
mods[i]->mod_values = objectClasses;
|
||||||
|
|
||||||
mods[++i] = xmalloc(sizeof(LDAPMod));
|
mods[++i] = xmalloc(sizeof(LDAPMod));
|
||||||
|
@ -232,15 +227,6 @@ int ceo_add_user(char *uid, char *basedn, char *objclass, char *cn, char *home,
|
||||||
char *homeDirectory[] = { home, NULL };
|
char *homeDirectory[] = { home, NULL };
|
||||||
mods[i]->mod_values = homeDirectory;
|
mods[i]->mod_values = homeDirectory;
|
||||||
|
|
||||||
if (principal) {
|
|
||||||
mods[++i] = xmalloc(sizeof(LDAPMod));
|
|
||||||
mods[i]->mod_op = LDAP_MOD_ADD;
|
|
||||||
mods[i]->mod_type = "krbPrincipalName";
|
|
||||||
vals[i][0] = principal;
|
|
||||||
vals[i][1] = NULL;
|
|
||||||
mods[i]->mod_values = vals[i];
|
|
||||||
}
|
|
||||||
|
|
||||||
va_start(args, no);
|
va_start(args, no);
|
||||||
char *attr;
|
char *attr;
|
||||||
while ((attr = va_arg(args, char *))) {
|
while ((attr = va_arg(args, char *))) {
|
||||||
|
|
|
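Review bot: After the `if (principal)` branch is removed, `objclass` is the only value still appended to `objectClasses`, yet the initializer keeps four `NULL` slots that were sized for the two Kerberos classes. Since `mods[i]->mod_values = objectClasses` relies on the array ending in `NULL`, the sizing rule deserves a comment and the initializer can shrink to match: `char *objectClasses[] = { "top", "account", "posixAccount", "shadowAccount", NULL, NULL }; /* one optional class + NULL terminator */`. The initial value of `classes` is set outside the hunk, so confirm it is 4 before shrinking the array.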
@ -1,6 +1,6 @@
|
||||||
#define LDAP_DEFAULT_PROTOCOL LDAP_VERSION3
|
#define LDAP_DEFAULT_PROTOCOL LDAP_VERSION3
|
||||||
|
|
||||||
int ceo_add_user(char *, char *, char *, char *, char *, char *, char *, int, ...);
|
int ceo_add_user(char *, char *, char *, char *, char *, char *, int, ...);
|
||||||
int ceo_add_group(char *, char *, int);
|
int ceo_add_group(char *, char *, int);
|
||||||
int ceo_add_group_sudo(char *, char *);
|
int ceo_add_group_sudo(char *, char *);
|
||||||
int ceo_new_uid(int, int);
|
int ceo_new_uid(int, int);
|
||||||
|
|
|
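Review bot: The prototype `int ceo_add_user(char *, char *, char *, char *, char *, char *, int, ...);` keeps six unnamed `char *` parameters ahead of a variadic tail, so a caller that still passes the old `principal` argument is caught only by a pointer-to-integer conversion diagnostic on the `int` slot, which many C compilers report as a warning rather than an error. Only the addmember call site is updated in the sections shown, so any other caller of `ceo_add_user` should be checked by hand. Naming the parameters and marking the NULL-terminated tail (a GCC/Clang extension) makes such mistakes visible: `int ceo_add_user(char *uid, char *basedn, char *objclass, char *cn, char *home, char *shell, int no, ...) __attribute__((sentinel));`.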
@ -163,7 +163,7 @@ static int32_t addmember(Ceo__AddUser *in, Ceo__AddUserResponse *out) {
|
||||||
if ((krb_stat = ceo_del_princ(in->username)))
|
if ((krb_stat = ceo_del_princ(in->username)))
|
||||||
return response_message(out, EEXIST, "unable to overwrite orphaned kerberos principal %s", in->username);
|
return response_message(out, EEXIST, "unable to overwrite orphaned kerberos principal %s", in->username);
|
||||||
|
|
||||||
if ((user_stat = ceo_add_user(in->username, ldap_users_base, "member", in->realname, homedir, principal,
|
if ((user_stat = ceo_add_user(in->username, ldap_users_base, "member", in->realname, homedir,
|
||||||
member_shell, id, "program", in->program, NULL)))
|
member_shell, id, "program", in->program, NULL)))
|
||||||
return response_message(out, ELDAP, "unable to create ldap account %s", in->username);
|
return response_message(out, ELDAP, "unable to create ldap account %s", in->username);
|
||||||
response_message(out, 0, "successfully created ldap account");
|
response_message(out, 0, "successfully created ldap account");
|
||||||
|
|
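Review bot: With `principal` dropped from the `ceo_add_user` call, the LDAP entry created here no longer records which Kerberos principal belongs to the account, so the shared `in->username` is the only link between the two, and that is worth stating in a comment above the call. The `ceo_del_princ(in->username)` a few lines up already deletes by that name alone; the condition that decides a principal is orphaned lies outside the hunk, so confirm it does not depend on the removed `krbPrincipalName` attribute. Suggested comment: `/* LDAP holds no Kerberos data; account and principal are matched by username only */`. If `principal` has no other use in addmember, the variable can be removed as well.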