Yair Zaslavsky has uploaded a new change for review. Change subject: aaa: engine-manads-domains always tries to look for KDC in DNS ......................................................................
aaa: engine-manads-domains always tries to look for KDC in DNS The bug was caused due to the fact that the kdcs are always being validated, regardless of their "source" Change-Id: Ib3bb7cc049ad5b23127a505ff891b2d489a2caca Topic: AAA Bug-Url: https://bugzilla.redhat.com/1136087 Signed-off-by: Yair Zaslavsky <[email protected]> --- M backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ManageDomains.java 1 file changed, 9 insertions(+), 3 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/79/32279/1 diff --git a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ManageDomains.java b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ManageDomains.java index 9e18351..6e9072f 100644 --- a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ManageDomains.java +++ b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ManageDomains.java @@ -459,7 +459,9 @@ throw new ManageDomainsResult(ManageDomainsResultEnum.DOMAIN_ALREADY_EXISTS_IN_CONFIGURATION, domainName); } List<String> ldapServers = getLdapServers(domainName); - validateKdcServers(authMode, domainName); + if (shouldResolveKdc()) { + validateKdcServers(authMode, domainName); + } domainNameEntry.setValueForDomain(domainName, null); String currentAdUserNameEntry = configurationProvider.getConfigValue(ConfigValues.AdUserName); @@ -700,8 +702,7 @@ log.info("Creating kerberos configuration for domain(s): " + gssapiDomainsString); useDnsLookup = utilityConfiguration.getUseDnsLookup(); String domainRealmMappingFile = utilityConfiguration.getDomainRealmMappingFile(); - if (!args.contains(ARG_LDAP_SERVERS) && useDnsLookup - || args.contains(ARG_RESOLVE_KDC)) { + if (shouldResolveKdc()) { // Arguments do not contain a list of ldap servers, so the // kerberos configuration should not be created according to it if // useDnsLookup is set to true or resolve KDC argument was entered. @@ -724,6 +725,11 @@ } } + private boolean shouldResolveKdc() { + return !args.contains(ARG_LDAP_SERVERS) && useDnsLookup + || args.contains(ARG_RESOLVE_KDC); + } + private void checkKerberosConfiguration(String domainName, DomainsConfigurationEntry users, DomainsConfigurationEntry passwords, -- To view, visit http://gerrit.ovirt.org/32279 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ib3bb7cc049ad5b23127a505ff891b2d489a2caca Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yair Zaslavsky <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
