34 lines
1.2 KiB
Diff
34 lines
1.2 KiB
Diff
From 2f9cbffb6e57ded2d0107f457241f33b17869a96 Mon Sep 17 00:00:00 2001
|
|
From: Rob Crittenden <rcritten@redhat.com>
|
|
Date: Jul 19 2019 19:16:16 +0000
|
|
Subject: Remove posixAccount from service_find search filter
|
|
|
|
|
|
This will allow cifs principals to be found. They were suppressed
|
|
because they include objectclass=posixAccount.
|
|
|
|
This is a bit of a historical anomaly. This was included in the
|
|
filter from the initial commit (though it was person, not
|
|
posixAccount). I believe it was a mistake from the beginning but
|
|
it wasn't noticed because it didn't cause any obvious issues.
|
|
|
|
https://pagure.io/freeipa/issue/8013
|
|
|
|
Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
|
|
|
|
---
|
|
|
|
diff --git a/ipaserver/plugins/service.py b/ipaserver/plugins/service.py
|
|
index f58fe4b..c118b80 100644
|
|
--- a/ipaserver/plugins/service.py
|
|
+++ b/ipaserver/plugins/service.py
|
|
@@ -889,7 +889,6 @@ class service_find(LDAPSearch):
|
|
assert isinstance(base_dn, DN)
|
|
# lisp style!
|
|
custom_filter = '(&(objectclass=ipaService)' \
|
|
- '(!(objectClass=posixAccount))' \
|
|
'(!(|(krbprincipalname=kadmin/*)' \
|
|
'(krbprincipalname=K/M@*)' \
|
|
'(krbprincipalname=krbtgt/*))' \
|
|
|