From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun, 11 Nov 2018 16:59:52 +0000 (+0000)
Subject: accounts: Allow adding/deleting keys when user does not have any other keys
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cc27cb63dd1972b0df0242c4679012db27c17485;p=ipfire.org.git

accounts: Allow adding/deleting keys when user does not have any other keys

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/backend/accounts.py b/src/backend/accounts.py
index 215bfede..fb0f52a0 100644
--- a/src/backend/accounts.py
+++ b/src/backend/accounts.py
@@ -677,8 +677,18 @@ class Account(Object):
 			logging.debug("SSH Key has already been added for %s: %s" % (self, key))
 			return
 
+		# Prepare transaction
+		modlist = []
+
+		# Add object class if user is not in it, yet
+		if not "ldapPublicKey" in self.classes:
+			modlist.append((ldap.MOD_ADD, "objectClass", b"ldapPublicKey"))
+
+		# Add key
+		modlist.append((ldap.MOD_ADD, "sshPublicKey", key.encode()))
+
 		# Save key to LDAP
-		self._add_string("sshPublicKey", key)
+		self._modify(modlist)
 
 		# Append to cache
 		self.ssh_keys.append(k)
@@ -688,7 +698,13 @@ class Account(Object):
 			return
 
 		# Delete key from LDAP
-		self._delete_string("sshPublicKey", key)
+		if len(self.ssh_keys) > 1:
+			self._delete_string("sshPublicKey", key)
+		else:
+			self._modify([
+				(ldap.MOD_DELETE, "objectClass", b"ldapPublicKey"),
+				(ldap.MOD_DELETE, "sshPublicKey", key.encode()),
+			])
 
 
 if __name__ == "__main__":