From 7d217c8c9b6f9703b46a42ecbd55b4ca32868795 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slaznick@redhat.com>
Date: Aug 11 2017 10:09:44 +0000
Subject: host, service: fix adding host/svc with a cert


ipaldap.LDAPEntry expects that entry attributes, if multi-valued,
are lists.

The recent cert refactoring made it possible to pass certificate
values from options directly to LDAPEntry. This should now be
handled in appropriate general way in baseldap.LDAPCreate
since if options.get() is called, it returns tuple instead
of list which confuses ipaldap.

https://pagure.io/freeipa/issue/7077

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>

---

diff --git a/ipaserver/plugins/host.py b/ipaserver/plugins/host.py
index 672966e..88e2a32 100644
--- a/ipaserver/plugins/host.py
+++ b/ipaserver/plugins/host.py
@@ -691,7 +691,6 @@ class host_add(LDAPCreate):
             # save the password so it can be displayed in post_callback
             setattr(context, 'randompassword', entry_attrs['userpassword'])
 
-        entry_attrs['usercertificate'] = options.get('usercertificate', [])
         entry_attrs['managedby'] = dn
         entry_attrs['objectclass'].append('ieee802device')
         entry_attrs['objectclass'].append('ipasshhost')
diff --git a/ipaserver/plugins/service.py b/ipaserver/plugins/service.py
index 0ec71ce..ff8f6be 100644
--- a/ipaserver/plugins/service.py
+++ b/ipaserver/plugins/service.py
@@ -623,8 +623,6 @@ class service_add(LDAPCreate):
 
         self.obj.validate_ipakrbauthzdata(entry_attrs)
 
-        entry_attrs['usercertificate'] = options.get('usercertificate', [])
-
         if not options.get('force', False):
             # We know the host exists if we've gotten this far but we
             # really want to discourage creating services for hosts that