From ae28abf7af8316a8193a70711ac0b84a5961fc66 Mon Sep 17 00:00:00 2001
From: Alexander Sulfrian <alex@spline.inf.fu-berlin.de>
Date: Tue, 19 Jan 2016 02:19:28 +0100
Subject: Check objectClass in is_service

All service accounts now have to have the serviceAccount object class.
---
 service_passwords.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/service_passwords.c b/service_passwords.c
index 8c5d465..9b8f52a 100644
--- a/service_passwords.c
+++ b/service_passwords.c
@@ -135,14 +135,11 @@ static char* is_service(const char *dn)
     char *service = NULL;
 
     Slapi_Entry *entry = NULL;
-    char *attrs[] = { "cn", NULL };
+    char *attrs[] = { "objectClass", "cn", NULL };
     Slapi_Attr *attr = NULL;
     struct berval **cn = NULL;
-
     int rc = 0;
 
-    /* TODO: check parent dn */
-
     rc |= get_entry(dn, attrs, &entry);
     if (rc != 0 || entry == NULL) {
         /* dn not found */
@@ -150,6 +147,13 @@ static char* is_service(const char *dn)
         goto fail1;
     }
 
+    if (slapi_entry_attr_hasvalue(
+            entry, "objectClass", "serviceAccount") == 0) {
+        /* no serviceAccount */
+        service = NULL;
+        goto fail1;
+    }
+
     rc |= slapi_entry_attr_find(entry, "cn", &attr);
     if (rc != 0 || attr == NULL) {
         /* no cn attribute */
-- 
cgit v1.2.3-1-g7c22