diff --git a/xCAT-server/lib/perl/xCAT/Template.pm b/xCAT-server/lib/perl/xCAT/Template.pm
index 56d8712c7..a0cb242ac 100644
--- a/xCAT-server/lib/perl/xCAT/Template.pm
+++ b/xCAT-server/lib/perl/xCAT/Template.pm
@@ -383,7 +383,7 @@ sub windows_join_data {
my $doment;
my $domaintab = xCAT::Table->new('domain',-create=>0);
if ($domaintab) {
- $doment = $domaintab->getNodeAttribs($node,['ou','type','authdomain'],prefetchcache=>1);
+ $doment = $domaintab->getNodeAttribs($node,['ou','type','authdomain','adminuser','adminpassword'],prefetchcache=>1);
}
unless ($::XCATSITEVALS{directoryprovider} eq "activedirectory" or ($doment and $doment->{type} eq "activedirectory")) {
return "";
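Review bot: `adminpassword` is now requested on every call of windows_join_data, including calls that hit the `return ""` just below and (judging by the second hunk) the machine-password branch, although only the pass-through branch reads it. Fetching the two credential attributes inside that branch, e.g. `$domaintab->getNodeAttribs($node,['adminuser','adminpassword'])` under the `else`, would keep the secret out of the paths that never need it. If `prefetchcache=>1` caches the returned row, the plaintext password would also stay in the cache longer than necessary; that depends on xCAT::Table behaviour not visible here. The function body continues outside this hunk.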
@@ -418,22 +418,30 @@ sub windows_join_data {
$componentxml .= "".$adinfo->{password}."\ntrue\n";
} else { #this is the pass-through credentials case, currrently inaccessible until TODO, this must be used
#with care as used incorrectly, an LDAP manager account is at high risk of compromise
- my $passtab = xCAT::Table->new('passwd',-create=>0);
- unless ($passtab) { sendmsg([1,"Error authenticating to Active Directory"],$node); return; }
- my @adpents = $passtab->getAttribs({key=>'activedirectory'},['username','password','authdomain']);
- my $adpent;
- my $username;
- my $password;
- foreach $adpent (@adpents) {
- if ($adpent and $adpent->{authdomain} and $adpent->{authdomain} ne $domain) { next; }
- if ($adpent and $adpent->{username} and $adpent->{password}) {
- $username = $adpent->{username};
- $password = $adpent->{password};
- last;
+ my $adminuser;
+ my $adminpass;
+ if ($doment and $doment->{adminuser}) {
+ $adminuser = $doment->{adminuser};
+ }
+ if ($doment and $doment->{adminpassword}) {
+ $adminpass = $doment->{adminpassword};
+ }
+ unless ($adminuser and $adminpass) {
+ my $passtab = xCAT::Table->new('passwd',-create=>0);
+ unless ($passtab) { sendmsg([1,"Error authenticating to Active Directory"],$node); return; }
+ my @adpents = $passtab->getAttribs({key=>'activedirectory'},['username','password','authdomain']);
+ my $adpent;
+ foreach $adpent (@adpents) {
+ if ($adpent and $adpent->{authdomain} and $adpent->{authdomain} ne $domain) { next; }
+ if ($adpent and $adpent->{username} and $adpent->{password}) {
+ $adminuser = $adpent->{username};
+ $adminpass = $adpent->{password};
+ last;
+ }
}
}
- unless ($username and $password) { die "Missing active directory admin auth data from passwd table" }
- $componentxml .= "".$domain."\r\n".$username."\r\n".$password."\r\n\r\n";
+ unless ($adminuser and $adminpass) { die "Missing active directory admin auth data from passwd table" }
+ $componentxml .= "".$domain."\r\n".$adminuser."\r\n".$adminpass."\r\n\r\n";
}
$componentxml .= "\r\n\r\n";
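Review bot: The domain-table credentials are used only when both `adminuser` and `adminpassword` are set; if only one is present, the `unless ($adminuser and $adminpass)` block silently replaces it with the passwd-table account, so a half-configured domain joins with a different account than the operator intended. Consider failing on a partial pair, and update the error text, which still blames only the passwd table: `die "Missing active directory admin auth data from domain or passwd table"`. Both values are then concatenated verbatim into `$componentxml` (the element markup appears to have been lost from this page), so a password containing `&` or `<` would corrupt the generated answer file; they should be XML-escaped before the append. The truthiness tests also reject a password of `0`, so `defined` plus `length` would be more exact. windows_join_data starts and ends outside this hunk.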