From 6602dffc7ab8e9bdc7fefd02f9ed11e5575f5f7b Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabinsk@redhat.com>
Date: Wed, 22 Mar 2017 16:41:59 +0100
Subject: [PATCH] Always check and create anonymous principal during KDC
 install

The anonymous principal will now be checked for presence and created on
both server and replica install. This fixes errors caused during replica
installation against an older master that does not have the anonymous
principal present.

https://pagure.io/freeipa/issue/6799

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
---
 ipaserver/install/krbinstance.py | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 5f4b5282f54234c15b1a8d8273eff69e134e665b..6c105f74c8da2bfd34ace607b13170bc96a8ff1d 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -33,7 +33,7 @@ from ipaserver.install import installutils
 from ipapython import ipaldap
 from ipapython import ipautil
 from ipapython import kernel_keyring
-from ipalib import api
+from ipalib import api, errors
 from ipalib.constants import ANON_USER
 from ipalib.install import certmonger
 from ipapython.ipa_log_manager import root_logger
@@ -142,6 +142,7 @@ class KrbInstance(service.Service):
             pass
 
     def __common_post_setup(self):
+        self.step("creating anonymous principal", self.add_anonymous_principal)
         self.step("starting the KDC", self.__start_instance)
         self.step("configuring KDC to start on boot", self.__enable)
 
@@ -160,7 +161,6 @@ class KrbInstance(service.Service):
         self.step("creating a keytab for the directory", self.__create_ds_keytab)
         self.step("creating a keytab for the machine", self.__create_host_keytab)
         self.step("adding the password extension to the directory", self.__add_pwd_extop_module)
-        self.step("creating anonymous principal", self.add_anonymous_principal)
 
         self.__common_post_setup()
 
@@ -432,8 +432,17 @@ class KrbInstance(service.Service):
     def add_anonymous_principal(self):
         # Create the special anonymous principal
         princ_realm = self.get_anonymous_principal_name()
-        installutils.kadmin_addprinc(princ_realm)
-        self._ldap_mod("anon-princ-aci.ldif", self.sub_dict)
+        dn = DN(('krbprincipalname', princ_realm), self.get_realm_suffix())
+        try:
+            self.api.Backend.ldap2.get_entry(dn)
+        except errors.NotFound:
+            installutils.kadmin_addprinc(princ_realm)
+            self._ldap_mod("anon-princ-aci.ldif", self.sub_dict)
+
+        try:
+            self.api.Backend.ldap2.set_entry_active(dn, True)
+        except errors.AlreadyActive:
+            pass
 
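Review bot: The ACI modification on the line after `installutils.kadmin_addprinc(princ_realm)` is only applied when the principal is absent, so a run that created the principal but failed before `_ldap_mod`, or a principal that already exists without the ACI, leaves the anonymous-principal ACI missing on every later run; if `anon-princ-aci.ldif` is not safe to re-apply, a separate presence check for that ACI would make the step fully idempotent. The comment `# Create the special anonymous principal` now undersells the method; `# Ensure the special anonymous principal exists and is active (safe to re-run, e.g. replica install against an older master)` would describe the check-create-activate flow. `DN` is used on the new line but not imported in the visible hunks; presumably it is already in scope at the top of the file. Whether `self.api.Backend.ldap2` is connected at this point on both the server and replica install paths cannot be confirmed from the hunk.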
     def __convert_to_gssapi_replication(self):
         repl = replication.ReplicationManager(self.realm,
-- 
2.12.2