[debian-edu-commits] debian-edu/ 01/01: gosa-sync: Test if a given user account actually is a Kerberos account. If not, don't try to set the Kerberos password for this account. (Closes: #798435).

Mike Gabriel sunweaver at debian.org
Wed Oct 14 08:33:38 UTC 2015 

This is an automated email from the git hooks/post-receive script.

sunweaver pushed a commit to branch master
in repository debian-edu-config.

commit aa21f45dd58336bd4acd22f491bfa50fd1f026b6
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Wed Oct 14 10:32:37 2015 +0200

    gosa-sync: Test if a given user account actually is a Kerberos account. If not, don't try to set the Kerberos password for this account. (Closes: #798435).
---
 debian/changelog                        | 3 +++
 share/debian-edu-config/tools/gosa-sync | 9 +++++++++
 2 files changed, 12 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index f9bbe81..0138869 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -23,6 +23,9 @@ debian-edu-config (1.819) UNRELEASED; urgency=low
   * debian-edu-fsautoresize: Always use mapper names instead of kernel names
     when detecting supported mount points. (Closes: #800651). Thanks
     to Wolfgang Schweer and Giorgio Pioda.
+  * gosa-sync: Test if a given user account actually is a Kerberos account. If
+    not, don't try to set the Kerberos password for this account. (Closes:
+    #798435).
 
  -- Petter Reinholdtsen <pere at debian.org>  Sat, 16 May 2015 23:12:06 +0200
 
diff --git a/share/debian-edu-config/tools/gosa-sync b/share/debian-edu-config/tools/gosa-sync
index 3cb573c..223abbf 100755
--- a/share/debian-edu-config/tools/gosa-sync
+++ b/share/debian-edu-config/tools/gosa-sync
@@ -17,6 +17,15 @@ set -e
 USERDN="$1"
 USERID=`echo "$USERDN" | sed "s/^uid=\([^,]*\),.*$/\1/"`
 
+# check if the given user account has the Kerberos principal objectClass set...
+is_krbprincipal=`ldapsearch -LLL -x "(&(uid=${USERID})(objectClass=krbPrincipalAux))"`
+if [ -z "$is_krbprincipal" ]; then
+
+   # if not, simply bail out here without noise...
+    exit 0
+
+fi
+
 ## The new user password is in environment, $USERPASSWORD.
 ## Check if provided password corresponds to hash saved in ldap database:
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/debian-edu-config.git

More information about the debian-edu-commits mailing list