don't attempt to store Kerberos principal data in LDAP; this is not the current Kerberos backend used
parent
a4ebb86d18
commit
59194475a6
16
src/ldap.c
16
src/ldap.c
|
@ -170,7 +170,7 @@ int ceo_add_group_sudo(char *group, char *basedn) {
|
|||
return ret;
|
||||
}
|
||||
|
||||
int ceo_add_user(char *uid, char *basedn, char *objclass, char *cn, char *home, char *principal, char *shell, int no, ...) {
|
||||
int ceo_add_user(char *uid, char *basedn, char *objclass, char *cn, char *home, char *shell, int no, ...) {
|
||||
va_list args;
|
||||
|
||||
if (!uid || !basedn || !cn || !home || !shell)
|
||||
|
@ -188,11 +188,6 @@ int ceo_add_user(char *uid, char *basedn, char *objclass, char *cn, char *home,
|
|||
char *objectClasses[] = { "top", "account", "posixAccount", "shadowAccount", NULL, NULL, NULL, NULL };
|
||||
if (objclass != NULL)
|
||||
objectClasses[classes++] = objclass;
|
||||
if (principal) {
|
||||
objectClasses[classes++] = "krbPrincipalAux";
|
||||
objectClasses[classes++] = "krbTicketPolicyAux";
|
||||
|
||||
}
|
||||
mods[i]->mod_values = objectClasses;
|
||||
|
||||
mods[++i] = xmalloc(sizeof(LDAPMod));
|
||||
|
@ -232,15 +227,6 @@ int ceo_add_user(char *uid, char *basedn, char *objclass, char *cn, char *home,
|
|||
char *homeDirectory[] = { home, NULL };
|
||||
mods[i]->mod_values = homeDirectory;
|
||||
|
||||
if (principal) {
|
||||
mods[++i] = xmalloc(sizeof(LDAPMod));
|
||||
mods[i]->mod_op = LDAP_MOD_ADD;
|
||||
mods[i]->mod_type = "krbPrincipalName";
|
||||
vals[i][0] = principal;
|
||||
vals[i][1] = NULL;
|
||||
mods[i]->mod_values = vals[i];
|
||||
}
|
||||
|
||||
va_start(args, no);
|
||||
char *attr;
|
||||
while ((attr = va_arg(args, char *))) {
|
||||
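Review bot: Dropping `principal` from the middle of `ceo_add_user`'s run of `char *` parameters is easy to get wrong at call sites this page does not show. A stale call that still passes it would put the shell pointer into `int no` and shift the old `no` into the varargs that the `va_arg(args, char *)` loop reads as pointers. Many C compilers report that only as an int-conversion warning, so build with `-Werror=int-conversion` and confirm every caller was updated, not just `addmember`. Separately, assuming `classes` starts at 4, the `objectClasses` initializer still reserves the two slots that held the Kerberos classes; `{ "top", "account", "posixAccount", "shadowAccount", NULL, NULL }` would size the array to what the function can now write. The body of `ceo_add_user` continues outside these hunks.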
|
|
|
@ -1,6 +1,6 @@
|
|||
#define LDAP_DEFAULT_PROTOCOL LDAP_VERSION3
|
||||
|
||||
int ceo_add_user(char *, char *, char *, char *, char *, char *, char *, int, ...);
|
||||
int ceo_add_user(char *, char *, char *, char *, char *, char *, int, ...);
|
||||
int ceo_add_group(char *, char *, int);
|
||||
int ceo_add_group_sudo(char *, char *);
|
||||
int ceo_new_uid(int, int);
|
||||
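Review bot: The new prototype `int ceo_add_user(char *, char *, char *, char *, char *, char *, int, ...);` gives no parameter names, so six interchangeable `char *` arguments can be reordered or miscounted at a call site without any diagnostic. I would spell it `int ceo_add_user(char *uid, char *basedn, char *objclass, char *cn, char *home, char *shell, int no, ...);`, matching the definition. It also needs a comment that the variadic tail appears to be `char *` attribute/value pairs ended by `NULL`, which is what the call in `addmember` passes. If the project builds with GCC or Clang, `__attribute__((sentinel))` on this declaration turns a missing terminating `NULL` into a compile-time warning.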
|
|
|
@ -163,7 +163,7 @@ static int32_t addmember(Ceo__AddUser *in, Ceo__AddUserResponse *out) {
|
|||
if ((krb_stat = ceo_del_princ(in->username)))
|
||||
return response_message(out, EEXIST, "unable to overwrite orphaned kerberos principal %s", in->username);
|
||||
|
||||
if ((user_stat = ceo_add_user(in->username, ldap_users_base, "member", in->realname, homedir, principal,
|
||||
if ((user_stat = ceo_add_user(in->username, ldap_users_base, "member", in->realname, homedir,
|
||||
member_shell, id, "program", in->program, NULL)))
|
||||
return response_message(out, ELDAP, "unable to create ldap account %s", in->username);
|
||||
response_message(out, 0, "successfully created ldap account");
|
||||
|
|