diff --git a/xCAT-server/lib/perl/xCAT/Template.pm b/xCAT-server/lib/perl/xCAT/Template.pm
index 56d8712c7..a0cb242ac 100644
--- a/xCAT-server/lib/perl/xCAT/Template.pm
+++ b/xCAT-server/lib/perl/xCAT/Template.pm
@@ -383,7 +383,7 @@ sub windows_join_data {
 my $doment;
 my $domaintab = xCAT::Table->new('domain',-create=>0);
 if ($domaintab) {
- $doment = $domaintab->getNodeAttribs($node,['ou','type','authdomain'],prefetchcache=>1);
+ $doment = $domaintab->getNodeAttribs($node,['ou','type','authdomain','adminuser','adminpassword'],prefetchcache=>1);
 }
 unless ($::XCATSITEVALS{directoryprovider} eq "activedirectory" or ($doment and $doment->{type} eq "activedirectory")) {
 return "";
@@ -418,22 +418,30 @@ sub windows_join_data { $componentxml .= "".$adinfo->{password}."\ntrue\n"; } else { #this is the pass-through credentials case, currrently inaccessible until TODO, this must be used #with care as used incorrectly, an LDAP manager account is at high risk of compromise - my $passtab = xCAT::Table->new('passwd',-create=>0); - unless ($passtab) { sendmsg([1,"Error authenticating to Active Directory"],$node); return; } - my @adpents = $passtab->getAttribs({key=>'activedirectory'},['username','password','authdomain']); - my $adpent; - my $username; - my $password; - foreach $adpent (@adpents) { - if ($adpent and $adpent->{authdomain} and $adpent->{authdomain} ne $domain) { next; } - if ($adpent and $adpent->{username} and $adpent->{password}) { - $username = $adpent->{username}; - $password = $adpent->{password}; - last; + my $adminuser; + my $adminpass; + if ($doment and $doment->{adminuser}) { + $adminuser = $doment->{adminuser}; + } + if ($doment and $doment->{adminpassword}) { + $adminpass = $doment->{adminpassword}; + } + unless ($adminuser and $adminpass) { + my $passtab = xCAT::Table->new('passwd',-create=>0); + unless ($passtab) { sendmsg([1,"Error authenticating to Active Directory"],$node); return; } + my @adpents = $passtab->getAttribs({key=>'activedirectory'},['username','password','authdomain']); + my $adpent; + foreach $adpent (@adpents) { + if ($adpent and $adpent->{authdomain} and $adpent->{authdomain} ne $domain) { next; } + if ($adpent and $adpent->{username} and $adpent->{password}) { + $adminuser = $adpent->{username}; + $adminpass = $adpent->{password}; + last; + } } } - unless ($username and $password) { die "Missing active directory admin auth data from passwd table" } - $componentxml .= "".$domain."\r\n".$username."\r\n".$password."\r\n\r\n"; + unless ($adminuser and $adminpass) { die "Missing active directory admin auth data from passwd table" } + $componentxml .= "".$domain."\r\n".$adminuser."\r\n".$adminpass."\r\n\r\n"; } 
$componentxml .= "\r\n\r\n";
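Review bot: The credentials now read from the domain table (`$adminuser`, `$adminpass`) are concatenated into `$componentxml` as-is on the last added line, so a password containing `&` or `<` would produce malformed join data or change its structure; the values should be XML-escaped before they are appended (the markup inside these string literals appears to have been stripped by the page, so this is inferred from the variable name and the surrounding concatenation). The `die` text still says `from passwd table` although the domain table is now consulted first; `die "Missing active directory admin auth data from domain or passwd table"` would point the operator to both places. When only one of `adminuser`/`adminpassword` is set in the domain table, the passwd-table fallback silently replaces it, which deserves a comment such as `# domain-table credentials are used only when both adminuser and adminpassword are set`. windows_join_data begins and ends outside this hunk.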