Author: mcalmer Date: Tue Sep 23 15:59:51 2008 New Revision: 51407 URL: http://svn.opensuse.org/viewcvs/yast?rev=51407&view=rev Log: version 2.17.4 -- create LDAP ACL Modified: trunk/kerberos-server/VERSION trunk/kerberos-server/package/yast2-kerberos-server.changes trunk/kerberos-server/src/KerberosServer.pm Modified: trunk/kerberos-server/VERSION URL: http://svn.opensuse.org/viewcvs/yast/trunk/kerberos-server/VERSION?rev=51407&r1=51406&r2=51407&view=diff ============================================================================== --- trunk/kerberos-server/VERSION (original) +++ trunk/kerberos-server/VERSION Tue Sep 23 15:59:51 2008 @@ -1 +1 @@ -2.17.3 +2.17.4 Modified: trunk/kerberos-server/package/yast2-kerberos-server.changes URL: http://svn.opensuse.org/viewcvs/yast/trunk/kerberos-server/package/yast2-kerberos-server.changes?rev=51407&r1=51406&r2=51407&view=diff ============================================================================== --- trunk/kerberos-server/package/yast2-kerberos-server.changes (original) +++ trunk/kerberos-server/package/yast2-kerberos-server.changes Tue Sep 23 15:59:51 2008 @@ -1,4 +1,10 @@ ------------------------------------------------------------------- +Tue Sep 23 15:56:42 CEST 2008 - mc@suse.de + +- version 2.17.4 +- create a LDAP ACL for krbPrincipalKey,krbExtraData (bnc#429057) + +------------------------------------------------------------------- Wed Sep 10 15:55:49 CEST 2008 - mc@suse.de - version 2.17.3 Modified: trunk/kerberos-server/src/KerberosServer.pm URL: http://svn.opensuse.org/viewcvs/yast/trunk/kerberos-server/src/KerberosServer.pm?rev=51407&r1=51406&r2=51407&view=diff ============================================================================== --- trunk/kerberos-server/src/KerberosServer.pm (original) +++ trunk/kerberos-server/src/KerberosServer.pm Tue Sep 23 15:59:51 2008 @@ -869,6 +869,41 @@ return 0; } + my $ldapacls = LdapServer->ReadDatabaseAcl(1); + my $found = 0; + foreach my $acl (@{$ldapacls}) + { + if(exists $acl->{target}->{attrs} && defined $acl->{target}->{attrs} && + $acl->{target}->{attrs} =~ /krbPrincipalKey/i) + { + $found = 1; + last; + } + } + + if(!$found) + { + my $krb5acl = { + 'target' => { + 'attrs' => "krbPrincipalKey,krbExtraData" + }, + 'access' => [ + { + 'level' => 'none', + 'type' => '*' + } + ] + }; + unshift @{$ldapacls}, $krb5acl; + + $ret = LdapServer->ChangeDatabaseAcl(1, $ldapacls); + if(! $ret) + { + y2error("LdapServer => ChangeDatabaseAcl call failed"); + return 0; + } + } + $ret = LdapServer->Write(); if(! $ret) { @@ -876,14 +911,6 @@ return 0; } - # - # FIXME: need some new handling for this in LdapServer - # - #if (!SCR->Write (".ldapserver.krb5ACLHack", "" )) - #{ - # return 0; - #} - return 1; } -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org