| -rw-r--r-- | perl/lib/Wallet/Config.pm | 14 | ||||
| -rw-r--r-- | perl/lib/Wallet/Kadmin/AD.pm | 14 | 
2 files changed, 23 insertions, 5 deletions
| diff --git a/perl/lib/Wallet/Config.pm b/perl/lib/Wallet/Config.pm index 5d40978..09db609 100644 --- a/perl/lib/Wallet/Config.pm +++ b/perl/lib/Wallet/Config.pm @@ -463,10 +463,22 @@ default PATH.  our $AD_MSKTUTIL = 'msktutil'; +=item AD_SERVICE_LENGTH + +The maximum length of a unique identifier, samAccountName, for Active +Directory keytab objects.  If the indentifier exceeds this length then +it will be trunciated and an integer will be appended to the end of +the identifier.  This parameter is here in hopes that at some point +in the future Microsoft will remove the limitation. + +=cut + +our $AD_SERVICE_LENGTH = '20'; +  =item AD_SERVICE_LIMIT  Used to limit the number of iterations used in attempting to find a -unique account name for service principals.  Defaults to 999. +unique account name for principals.  Defaults to 999.  =cut diff --git a/perl/lib/Wallet/Kadmin/AD.pm b/perl/lib/Wallet/Kadmin/AD.pm index 9749a2a..a599142 100644 --- a/perl/lib/Wallet/Kadmin/AD.pm +++ b/perl/lib/Wallet/Kadmin/AD.pm 
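Review bot: The new POD for AD_SERVICE_LENGTH has two misspellings, `indentifier` and `trunciated`; the sentence should read `If the identifier exceeds this length then it will be truncated`. The entry also omits the default, unlike the AD_SERVICE_LIMIT entry below it (`Defaults to 999.`); adding `Defaults to 20.` would keep the two consistent. It would also help to say that host principals are limited to one character less than this value, which is what the AD.pm hunk in this commit implements.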
@@ -272,15 +272,21 @@ sub get_account_id {
         $this_id =~ s/.*?=//xms;
     } else {
         my ($this_type, $this_cn) = split '/', $this_princ, 2;
-        if ($Wallet::Config::AD_SERVICE_PREFIX && $this_type = 'service') {
-            $this_cn = $Wallet::Config::AD_SERVICE_PREFIX . $this_cn;
+        my $max_len;
+        if ($this_type eq 'host') {
+            $max_len = $Wallet::Config::AD_SERVICE_LENGTH - 1;
+        } else {
+            $max_len = $Wallet::Config::AD_SERVICE_LENGTH;
+            if ($Wallet::Config::AD_SERVICE_PREFIX) {
+                $this_cn = $Wallet::Config::AD_SERVICE_PREFIX . $this_cn;
+            }
         }
         my $loop_limit = $Wallet::Config::AD_SERVICE_LIMIT;
-        if (length($this_cn)>20) {
+        if (length($this_cn)>$max_len) {
             my $cnt = 0;
             my $this_dn;
             my $suffix_size = length("$loop_limit");
-            my $this_prefix = substr($this_cn, 0, 20-$suffix_size);
+            my $this_prefix = substr($this_cn, 0, $max_len - $suffix_size);
             my $this_format = "%0${suffix_size}i";
             while ($cnt<$loop_limit) {
                 $this_cn = $this_prefix . sprintf($this_format, $cnt);
|
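Review bot: The truncation length `$max_len - $suffix_size` passed to `substr` is built from two site-configurable values and is never checked to be positive. If AD_SERVICE_LENGTH is not larger than the number of digits in AD_SERVICE_LIMIT, the length is zero or negative; Perl's `substr` treats a negative length as "leave that many characters off the end", so the generated name can exceed the limit, and a zero length reduces every long principal to the bare counter, which makes unrelated principals compete for the same account names. A guard placed before the `if (length($this_cn)>$max_len)` test, such as `die "AD_SERVICE_LENGTH too small for AD_SERVICE_LIMIT\n" if $max_len <= length("$loop_limit");`, would fail closed (reported in whatever way this module already signals configuration errors). The `- 1` for `host` is also unexplained; if it reserves room for the trailing `$` of a computer account's samAccountName, a one-line comment saying so would help. get_account_id starts and ends outside this hunk.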
