Attachment 2778 Details for Bug 20518 – Implementierung der per UCR konfigurierbaren Erweiterung von Accounts auf Kerberos-Accounts

[patch] Implementierung der per UCR konfigurierbaren Erweiterung von Accounts auf Kerberos-Accounts

univention-ad-connector_add_kerberosPrinciple.patch (text/plain), 3.55 KB, created by Ingo Steuwer on 2010-10-27 09:37:24 CEST

(hide)

Description:

Filename:

MIME Type:

Creator: Ingo Steuwer

Created: 2010-10-27 09:37:24 CEST

Size: 3.55 KB

patch

obsolete

>diff -Nur univention-ad-connector-5.0.6.orig/conffiles/etc/univention/connector/ad/mapping.py univention-ad-connector-5.0.6/conffiles/etc/univention/connector/ad/mapping.py
>--- univention-ad-connector-5.0.6.orig/conffiles/etc/univention/connector/ad/mapping.py	2010-08-19 13:43:18.000000000 +0200
>+++ univention-ad-connector-5.0.6/conffiles/etc/univention/connector/ad/mapping.py	2010-10-27 08:28:19.000000000 +0200
>@@ -98,7 +98,8 @@
> 						 univention.connector.set_primary_group_user
> 						 ],
> 
>-			post_con_modify_functions=[ univention.connector.ad.password.password_sync_ucs,
>+			post_con_modify_functions=[ univention.connector.ad.set_userPrincipalName_from_ucr,
>+						    univention.connector.ad.password.password_sync_ucs,
> 						    univention.connector.ad.primary_group_sync_from_ucs,
> 						    univention.connector.ad.object_memberships_sync_from_ucs,
> 						    univention.connector.ad.disable_user_from_ucs,
>diff -Nur univention-ad-connector-5.0.6.orig/debian/univention-ad-connector.univention-config-registry-variables univention-ad-connector-5.0.6/debian/univention-ad-connector.univention-config-registry-variables
>--- univention-ad-connector-5.0.6.orig/debian/univention-ad-connector.univention-config-registry-variables	2010-08-19 13:43:10.000000000 +0200
>+++ univention-ad-connector-5.0.6/debian/univention-ad-connector.univention-config-registry-variables	2010-10-27 08:38:57.000000000 +0200
>@@ -117,3 +117,9 @@
> Description[en]=
> Type=str
> Categories=service-adcon
>+
>+[con.*/ad/mapping/kerberosdomain]
>+Description[de]=Kerberos-Domain fÃ¼r Windows 2008 Accounts (ergibt mit dem UCS-Benutzernamen den AD Kerberos Principal sofern dieser noch nicht gesetzt ist).
>+Description[en]=
>+Type=str
>+Categories=service-adcon
>diff -Nur univention-ad-connector-5.0.6.orig/modules/univention/connector/ad/__init__.py univention-ad-connector-5.0.6/modules/univention/connector/ad/__init__.py
>--- univention-ad-connector-5.0.6.orig/modules/univention/connector/ad/__init__.py	2010-08-19 13:43:18.000000000 +0200
>+++ univention-ad-connector-5.0.6/modules/univention/connector/ad/__init__.py	2010-10-27 09:24:05.000000000 +0200
>@@ -71,6 +71,9 @@
> def disable_user_from_ucs(connector, key, object):
> 	return connector.disable_user_from_ucs(key, object)
> 
>+def set_userPrincipalName_from_ucr(connector, key, object):
>+	return connector.set_userPrincipalName_from_ucr(key, object)
>+
> def disable_user_to_ucs(connector, key, object):
> 	return connector.disable_user_to_ucs(key, object)
> 
>@@ -1429,6 +1432,24 @@
> 		else:
> 			pass
> 			
>+	def set_userPrincipalName_from_ucr(self, key, object):
>+		object_key = key
>+		object_ucs = self._object_mapping(object_key,object)
>+		ldap_object_ad = self.get_object(object['dn'])
>+
>+		ucs_admin_object=univention.admin.objects.get(self.modules[object_key], co='', lo=self.lo, position='', dn=object_ucs['dn'])
>+		ucs_admin_object.open()
>+
>+		if self.baseConfig.has_key('%s/ad/mapping/kerberosdomain' % self.CONFIGBASENAME) and not ldap_object_ad.has_key('userPrincipalName'):
>+			principalDomain = self.baseConfig['%s/ad/mapping/kerberosdomain' % self.CONFIGBASENAME]
>+			localPart = ucs_admin_object['username']
>+			userPrincipalName = "%s@%s" % (localPart, principalDomain)
>+			modlist=[(ldap.MOD_REPLACE, 'userPrincipalName', [userPrincipalName])]
>+			ud.debug(ud.LDAP, ud.INFO, "set_userPrincipalName_from_ucr: set kerberos principle %s for AD user %s with modlist %s " % 
>+				 (userPrincipalName, object['dn'], modlist) )
>+			self.lo_ad.lo.modify_s(compatible_modstring(object['dn']), compatible_modlist(modlist))
>+
>+
> 	def disable_user_from_ucs(self, key, object):		
> 		object_key = key
>

Actions: View | Diff

Attachments on bug 20518: 2778