Check objectClass in is_service

All service accounts now have to have the serviceAccount object class.

1 files changed, 8 insertions, 4 deletions

diff --git a/service_passwords.c b/service_passwords.c
index 8c5d465..9b8f52a 100644
--- a/service_passwords.c
+++ b/service_passwords.c
@@ -135,14 +135,11 @@ static char* is_service(const char *dn)
     char *service = NULL;
 
     Slapi_Entry *entry = NULL;
-    char *attrs[] = { "cn", NULL };
+    char *attrs[] = { "objectClass", "cn", NULL };
     Slapi_Attr *attr = NULL;
     struct berval **cn = NULL;
-
     int rc = 0;
 
-    /* TODO: check parent dn */
-
     rc |= get_entry(dn, attrs, &entry);
     if (rc != 0 || entry == NULL) {
         /* dn not found */
@@ -150,6 +147,13 @@ static char* is_service(const char *dn)
         goto fail1;
     }
 
+    if (slapi_entry_attr_hasvalue(
+            entry, "objectClass", "serviceAccount") == 0) {
+        /* no serviceAccount */
+        service = NULL;
+        goto fail1;
+    }
+
     rc |= slapi_entry_attr_find(entry, "cn", &attr);
     if (rc != 0 || attr == NULL) {
         /* no cn attribute */