accounts: Allow adding/deleting keys when user does not have any other keys
[ipfire.org.git] / src / backend / accounts.py
index 215bfede6dfd09b95e3af0336c40ee3fd9e2e412..fb0f52a0436178466dcd77bce8df7682930c1bd3 100644 (file)
@@ -677,8 +677,18 @@ class Account(Object):
                        logging.debug("SSH Key has already been added for %s: %s" % (self, key))
                        return
 
+               # Prepare transaction
+               modlist = []
+
+               # Add object class if user is not in it, yet
+               if not "ldapPublicKey" in self.classes:
+                       modlist.append((ldap.MOD_ADD, "objectClass", b"ldapPublicKey"))
+
+               # Add key
+               modlist.append((ldap.MOD_ADD, "sshPublicKey", key.encode()))
+
                # Save key to LDAP
-               self._add_string("sshPublicKey", key)
+               self._modify(modlist)
 
                # Append to cache
                self.ssh_keys.append(k)
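Review bot: The `objectClass` add depends on the membership test against `self.classes`, but nothing visible in this hunk refreshes `self.classes` after `_modify` succeeds. If that attribute is cached, adding a second key through the same object would presumably send `MOD_ADD` for `ldapPublicKey` again, and the directory would be expected to reject the whole modify, key included. The test also assumes `self.classes` holds `str` values in exactly this spelling; python-ldap returns raw attribute values as bytes and LDAP compares object class names case-insensitively, so it is worth confirming how that property is built. As a style point, `if "ldapPublicKey" not in self.classes:` is the idiomatic form. The method starts above the hunk, so the key validation and the construction of `k` are not visible here.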
@@ -688,7 +698,13 @@ class Account(Object):
                        return
 
                # Delete key from LDAP
-               self._delete_string("sshPublicKey", key)
+               if len(self.ssh_keys) > 1:
+                       self._delete_string("sshPublicKey", key)
+               else:
+                       self._modify([
+                               (ldap.MOD_DELETE, "objectClass", b"ldapPublicKey"),
+                               (ldap.MOD_DELETE, "sshPublicKey", key.encode()),
+                       ])
 
 
 if __name__ == "__main__":
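Review bot: The last-key branch trusts `len(self.ssh_keys)`, which is the cached list, and the method appears to end here without removing the deleted key from that cache, whereas the add path does `self.ssh_keys.append(k)`. If the cache is not rebuilt elsewhere, deleting one of two keys leaves the count at two, so deleting the remaining key would take the `_delete_string` path and keep `ldapPublicKey` on an entry with no `sshPublicKey`, which looks like the state this commit is trying to avoid. Dropping the key from `self.ssh_keys` once the LDAP write has succeeded would keep the count honest. Because this is key revocation, it is also worth confirming that `_modify` and `_delete_string` raise on a rejected modify rather than only logging, so the caller never reports a key as removed while it is still authorized. A short comment on the `else` branch such as `# Drop the object class together with the last key` would record the intent; the start of the method is outside the hunk.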