From 17fab4982fcb8b8af6c20130907dd3d4bad7f699 Mon Sep 17 00:00:00 2001

From: Felipe Barreto <fbarreto@redhat.com>

Date: Fri, 13 Oct 2017 09:19:43 +0200

Subject: [PATCH] Checks if replica-s4u2proxy.ldif should be applied

Before applying replica-s3u2proxy.ldif, we check

if the values are already there. The values can be

there if a replica installation was done in the past

and some info was left behind. Also, the code checks

the values independently.

https://pagure.io/freeipa/issue/7174

Reviewed-By: Rob Crittenden <rcritten@redhat.com>

---

 ipaserver/install/dsinstance.py | 19 ++++++++++++++++++-

 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py

index 7a88612997a3fa96cf394852401fb01e5e4501d5..923f483340a26a614001701ce6c235dd73501501 100644

--- a/ipaserver/install/dsinstance.py

+++ b/ipaserver/install/dsinstance.py

@@ -954,7 +954,24 @@ class DsInstance(service.Service):

         self._ldap_mod("replica-prevent-time-skew.ldif", self.sub_dict)

     def __setup_s4u2proxy(self):

-        self._ldap_mod("replica-s4u2proxy.ldif", self.sub_dict)

+

+        def __add_principal(last_cn, principal, self):

+            dn = DN(('cn', last_cn), ('cn', 's4u2proxy'),

+                    ('cn', 'etc'), self.suffix)

+

+            value = '{principal}/{fqdn}@{realm}'.format(fqdn=self.fqdn,

+                                                        realm=self.realm,

+                                                        principal=principal)

+

+            entry = api.Backend.ldap2.get_entry(dn, ['memberPrincipal'])

+            try:

+                entry['memberPrincipal'].append(value)

+                api.Backend.ldap2.update_entry(entry)

+            except errors.EmptyModlist:

+                pass

+

+        __add_principal('ipa-http-delegation', 'HTTP', self)

+        __add_principal('ipa-ldap-delegation-targets', 'ldap', self)

     def __create_indices(self):

         self._ldap_mod("indices.ldif")

-- 

2.9.5