[debian-edu-commits] debian-edu/ 01/01: gosa-sync: Test if a given user account actually is a Kerberos account. If not, don't try to set the Kerberos password for this account. (Closes: #798435).
Mike Gabriel
sunweaver at debian.org
Wed Oct 14 08:33:49 UTC 2015
This is an automated email from the git hooks/post-receive script.
sunweaver pushed a commit to branch jessie
in repository debian-edu-config.
commit f9ac1e4796f5520a7cde84db7da55d46ade7600c
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Wed Oct 14 10:32:37 2015 +0200
gosa-sync: Test if a given user account actually is a Kerberos account. If not, don't try to set the Kerberos password for this account. (Closes: #798435).
---
debian/changelog | 3 +++
share/debian-edu-config/tools/gosa-sync | 9 +++++++++
2 files changed, 12 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index f6f7912..0db4356 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,9 @@ debian-edu-config (1.818+deb8u1) UNRELEASED; urgency=low
* debian-edu-fsautoresize: Always use mapper names instead of kernel names
when detecting supported mount points. (Closes: #800651). Thanks
to Wolfgang Schweer and Giorgio Pioda.
+ * gosa-sync: Test if a given user account actually is a Kerberos account. If
+ not, don't try to set the Kerberos password for this account. (Closes:
+ #798435).
-- Petter Reinholdtsen <pere at debian.org> Sat, 16 May 2015 23:12:06 +0200
diff --git a/share/debian-edu-config/tools/gosa-sync b/share/debian-edu-config/tools/gosa-sync
index 3cb573c..223abbf 100755
--- a/share/debian-edu-config/tools/gosa-sync
+++ b/share/debian-edu-config/tools/gosa-sync
@@ -17,6 +17,15 @@ set -e
USERDN="$1"
USERID=`echo "$USERDN" | sed "s/^uid=\([^,]*\),.*$/\1/"`
+# check if the given user account has the Kerberos principal objectClass set...
+is_krbprincipal=`ldapsearch -LLL -x "(&(uid=${USERID})(objectClass=krbPrincipalAux))"`
+if [ -z "$is_krbprincipal" ]; then
+
+ # if not, simply bail out here without noise...
+ exit 0
+
+fi
+
## The new user password is in environment, $USERPASSWORD.
## Check if provided password corresponds to hash saved in ldap database:
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/debian-edu-config.git
More information about the debian-edu-commits
mailing list