Description of problem:
ipa-client-samba utility creates cifs service, which is not listed by "ipa
service-find", though it can be viewed using "ipa service-show"


Version-Release number of selected component (if applicable):
freeipa-server-4.8.0-1.fc30.x86_64

How reproducible:
Always


Steps to Reproduce:
1. Setup topology: install ipa server, run ipa-adtrust-install on server, setup
ipa client.
2. run ipa-client-samba on client
3. run ipa service-find

Actual results:
cifs service for client is not listed

Expected results:
record for principal cifs/client1.testrelm.test@TESTRELM.TEST in output


Additional info:
"ipa service-show cifs/client1.testrelm.test@TESTRELM.TEST" shows the desired
service.

Extract from /var/log/dirsrv/slapd-TESTRELM-TEST/access captured during
execution of ipa service-find:
SRCH base="cn=services,cn=accounts,dc=testrelm,dc=test" scope=1 filter="(&(&(ob
jectClass=ipaService)(!(objectClass=posixAccount))(!(|(krbPrincipalName=kadmin/
*)(krbPrincipalName=K/M@*)(krbPrincipalName=krbtgt/*))))(&(objectClass=krbprinc
ipal)(objectClass=krbprincipalaux)(objectClass=krbticketpolicyaux)(objectClass=
ipaobject)(objectClass=ipaservice)(objectClass=pkiuser)))"
attrs="userCertificate krbPrincipalName ipaKrbAuthzData ipaAllowedToPerform
krbPrincipalAuthInd krbCanonicalName"

Thing to note here is "!(objectClass=posixAccount)"
And as the service record contains this objectClass, the record is removed from
search results:
ipa service-show cifs/client1.testrelm.test@TESTRELM.TEST --raw --all
  dn: krbprincipalname=cifs/client1.testrelm.test@TESTRELM.TEST,cn=services,cn=
accounts,dc=testrelm,dc=test
  krbcanonicalname: cifs/client1.testrelm.test@TESTRELM.TEST
...
  objectClass: posixaccount
...


The filter was introduced in commit 789fec4381 in year 2009.