From 48a2962830eccfd28bc5d7f0541bf28e0a3ff7b1 Mon Sep 17 00:00:00 2001
From: Bill MacAllister
Date: Wed, 1 Jun 2016 18:48:31 +0000
Subject: Update handling of long host names
---
 perl/lib/Wallet/Config.pm | 14 +++++++++++++-
 perl/lib/Wallet/Kadmin/AD.pm | 14 ++++++++++----
 2 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/perl/lib/Wallet/Config.pm b/perl/lib/Wallet/Config.pm
index 5d40978..09db609 100644
--- a/perl/lib/Wallet/Config.pm
+++ b/perl/lib/Wallet/Config.pm
@@ -463,10 +463,22 @@ default PATH.
 
 our $AD_MSKTUTIL = 'msktutil';
 
+=item AD_SERVICE_LENGTH
+
+The maximum length of a unique identifier, samAccountName, for Active
+Directory keytab objects. If the indentifier exceeds this length then
+it will be trunciated and an integer will be appended to the end of
+the identifier. This parameter is here in hopes that at some point
+in the future Microsoft will remove the limitation.
+
+=cut
+
+our $AD_SERVICE_LENGTH = '20';
+
 =item AD_SERVICE_LIMIT
 
 Used to limit the number of iterations used in attempting to find a
-unique account name for service principals. Defaults to 999.
+unique account name for principals. Defaults to 999.
 
 =cut
 
diff --git a/perl/lib/Wallet/Kadmin/AD.pm b/perl/lib/Wallet/Kadmin/AD.pm
index 9749a2a..a599142 100644
--- a/perl/lib/Wallet/Kadmin/AD.pm
+++ b/perl/lib/Wallet/Kadmin/AD.pm
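Review bot: The new AD_SERVICE_LENGTH item in perl/lib/Wallet/Config.pm documents a single limit, but the AD.pm change in this same commit uses `$Wallet::Config::AD_SERVICE_LENGTH - 1` for host principals, so the POD should say that hosts get one character less, e.g. `Host principals are limited to one character less than this value.` The paragraph also misspells two words ("indentifier", "trunciated"), which should read "identifier" and "truncated". The default is written as the string `'20'` although it is only used in arithmetic and length comparisons; `our $AD_SERVICE_LENGTH = 20;` states the numeric intent directly.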
@@ -272,15 +272,21 @@ sub get_account_id {
 $this_id =~ s/.*?=//xms;
 } else {
 my ($this_type, $this_cn) = split '/', $this_princ, 2;
- if ($Wallet::Config::AD_SERVICE_PREFIX && $this_type = 'service') {
- $this_cn = $Wallet::Config::AD_SERVICE_PREFIX . $this_cn;
+ my $max_len;
+ if ($this_type eq 'host') {
+ $max_len = $Wallet::Config::AD_SERVICE_LENGTH - 1;
+ } else {
+ $max_len = $Wallet::Config::AD_SERVICE_LENGTH;
+ if ($Wallet::Config::AD_SERVICE_PREFIX) {
+ $this_cn = $Wallet::Config::AD_SERVICE_PREFIX . $this_cn;
+ }
 }
 my $loop_limit = $Wallet::Config::AD_SERVICE_LIMIT;
- if (length($this_cn)>20) {
+ if (length($this_cn)>$max_len) {
 my $cnt = 0;
 my $this_dn;
 my $suffix_size = length("$loop_limit");
- my $this_prefix = substr($this_cn, 0, 20-$suffix_size);
+ my $this_prefix = substr($this_cn, 0, $max_len - $suffix_size);
 my $this_format = "%0${suffix_size}i";
 while ($cnt<$loop_limit) {
 $this_cn = $this_prefix . sprintf($this_format, $cnt);
-- 
cgit v1.2.3
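Review bot: Nothing checks that `$max_len` is larger than `$suffix_size` before `substr($this_cn, 0, $max_len - $suffix_size)`. Now that the limit comes from `AD_SERVICE_LENGTH`, a small or non-numeric setting makes that length zero or negative, and a negative length in Perl's substr trims characters from the end instead of capping the prefix, so the generated name can exceed the samAccountName limit. A guard ahead of the `if (length($this_cn)>$max_len)` test, such as `die "AD_SERVICE_LENGTH too small for AD_SERVICE_LIMIT\n" if $max_len <= length("$loop_limit");` (or the module's usual error path), would fail early instead. The `- 1` in the host branch also needs a comment; presumably it reserves room for the trailing `$` of a computer account name, e.g. `# hosts: leave one character for the trailing '$' (confirm)`. get_account_id starts and ends outside this hunk, so the uniqueness loop that consumes `$this_cn` is not visible here.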