Even though my name is on the patch, Simo wrote it and is the author in the patch.

From 0b6b2342d0d723336b2c612460e3b7ec43f21112 Mon Sep 17 00:00:00 2001
From: Simo Sorce <sso...@redhat.com>
Date: Mon, 14 Mar 2011 15:22:27 -0400
Subject: [PATCH] Domain to Realm
 Explicitly use the realm specified on the command line.
 Many places were assuming that the domain and realm were the same.

https://bugzilla.redhat.com/show_bug.cgi?id=684690
https://fedorahosted.org/freeipa/ticket/1091
---
 ipaserver/install/ldapupdate.py |   25 +++++++++++++++----------
 1 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index 0cee70ba9a48b562ef775735d93054a62e6bbdbe..a2eebebcc94cbda5c7e31cf83fb62461e8fa2aab 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -67,13 +67,16 @@ class LDAPUpdate:
 
         self.pw_name = pwd.getpwuid(os.geteuid()).pw_name
 
-        krbctx = krbV.default_context()
-        try:
-            self.realm = krbctx.default_realm
-            suffix = util.realm_to_suffix(self.realm)
-        except krbV.Krb5Error:
-            self.realm = None
-            suffix = None
+        if sub_dict.get("REALM"):
+            self.realm = sub_dict["REALM"]
+        else:
+            krbctx = krbV.default_context()
+            try:
+                self.realm = krbctx.default_realm
+                suffix = util.realm_to_suffix(self.realm)
+            except krbV.Krb5Error:
+                self.realm = None
+                suffix = None
 
         domain = ipautil.get_domain_name()
         libarch = self.__identify_arch()
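Review bot: `suffix` is no longer assigned when `sub_dict` carries a REALM, because the new first branch sets only `self.realm`, whereas the old code set `suffix` on every path. The enclosing method continues outside the hunk, so any later read of `suffix` there would raise UnboundLocalError for callers that pass a realm explicitly. Adding `suffix = util.realm_to_suffix(self.realm)` directly under `self.realm = sub_dict["REALM"]` would keep both paths consistent.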
@@ -84,7 +87,7 @@ class LDAPUpdate:
                 raise RuntimeError("Unable to determine hostname")
         else:
             fqdn = "ldapi://%%2fvar%%2frun%%2fslapd-%s.socket" % "-".join(
-                domain.upper().split(".")
+                self.realm.split(".")
             )
 
         if not self.sub_dict.get("REALM") and self.realm is not None:
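Review bot: `self.realm.split(".")` will raise AttributeError when `self.realm` is None, which the Krb5Error fallback earlier in this patch still produces and which the `self.realm is not None` test on the following line anticipates. The old `domain.upper()` expression did not depend on the realm, so this failure mode is new. The same unchecked value is passed as `realm=self.realm` to `ipaldap.IPAdmin` in the two later hunks. A guard before the socket URL is built, such as `if self.realm is None: raise RuntimeError("Unable to determine realm")`, would fail with a clear message. The `.upper()` normalisation is also dropped here, so a realm supplied in lower or mixed case would presumably yield a socket path that does not match the slapd instance name; that is worth confirming against how the instance is named.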
@@ -108,7 +111,7 @@ class LDAPUpdate:
             # Try out the password
             #if not self.ldapi:
                 try:
-                    conn = ipaldap.IPAdmin(fqdn, ldapi=True, realm=domain.upper())
+                    conn = ipaldap.IPAdmin(fqdn, ldapi=True, realm=self.realm)
                     conn.do_simple_bind(binddn="cn=directory manager", bindpw=self.dm_password)
                     conn.unbind()
                 except ldap.CONNECT_ERROR:
@@ -659,7 +662,9 @@ class LDAPUpdate:
                 #    self.conn = ipaldap.IPAdmin(ldapi=True, realm=self.realm)
                 #    self.conn.do_external_bind(self.pw_name)
                 #else:
-                    self.conn = ipaldap.IPAdmin(self.sub_dict['FQDN'], ldapi=self.ldapi, realm=self.sub_dict['DOMAIN'].upper())
+                    self.conn = ipaldap.IPAdmin(self.sub_dict['FQDN'],
+                                                ldapi=self.ldapi,
+                                                realm=self.realm)
                     self.conn.do_simple_bind(bindpw=self.dm_password)
             else:
                 raise RuntimeError("Offline updates are not supported.")
-- 
1.7.4
