Package: migrationtools
Version: 47-6
Severity: important
Tags: patch
migrate_passwd.pl generates ldif with incompatible kerberos attributes
according to related kerberos schema from package krb5-kdc-ldap. Ldif
import will fail, due to invalid objectclass combination and invalid
kerberos attribute krb5PrincipalName.
migrate_passwd.pl should use "auxiliary" objectClass krbPrincipalAux
instead of krb5Principal and attribute krbPrincipalName instead of
krb5PrincipalName.
-- System Information:
Debian Release: 5.0.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-2-xen-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages migrationtools depends on:
ii ldap-utils [openldap-uti 2.4.11-1 OpenLDAP utilities
ii perl 5.10.0-19lenny2 Larry Wall's Practical Extraction
migrationtools recommends no packages.
Versions of packages migrationtools suggests:
ii slapd 2.4.11-1 OpenLDAP server (slapd)
-- no debconf information
*** migrate_passwd.pl 2008-06-29 14:47:21.000000000 +0200
--- migrate_passwd1.pl 2009-11-28 20:57:44.000000000 +0100
***************
*** 122,128 ****
print $HANDLE "objectClass: top\n";
if ($DEFAULT_REALM) {
! print $HANDLE "objectClass: krb5Principal\n";
}
if ($shadowUsers{$user} ne "") {
--- 122,128 ----
print $HANDLE "objectClass: top\n";
if ($DEFAULT_REALM) {
! print $HANDLE "objectClass: krbPrincipalAux\n";
}
if ($shadowUsers{$user} ne "") {
***************
*** 132,138 ****
}
if ($DEFAULT_REALM) {
! print $HANDLE "krb5PrincipalName: $us...@$default_realm\n";
}
if ($shell) {
--- 132,138 ----
}
if ($DEFAULT_REALM) {
! print $HANDLE "krbPrincipalName: $us...@$default_realm\n";
}
if ($shell) {
