From 01ddf51df76f3298499973355c5461727e46ab5b Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Dec 07 2015 07:14:13 +0000
Subject: custodia: do not modify memberPrincipal on key update


https://fedorahosted.org/freeipa/ticket/5401

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>

---

diff --git a/ipapython/secrets/kem.py b/ipapython/secrets/kem.py
index 2a5f384..1025ed7 100644
--- a/ipapython/secrets/kem.py
+++ b/ipapython/secrets/kem.py
@@ -122,8 +122,7 @@ class KEMLdap(iSecLdap):
             conn.add_s(dn, mods)
         except Exception:  # pylint: disable=broad-except
             # This may fail if the entry already exists
-            mods = [(ldap.MOD_REPLACE, 'memberPrincipal', principal),
-                    (ldap.MOD_REPLACE, 'ipaPublicKey', public_key)]
+            mods = [(ldap.MOD_REPLACE, 'ipaPublicKey', public_key)]
             conn.modify_s(dn, mods)