Check if kerberos auth is enabled before creating the kerberos principal in LDAPStorageProvider

- prevents misleading warn messages from being logged

Closes #25294

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
This commit is contained in:
Stefan Guilhen 2024-02-16 09:58:07 -03:00 committed by Alexander Schwartz
parent c30b9545ef
commit 143ccbfa15

View file

@ -676,7 +676,7 @@ public class LDAPStorageProvider implements UserStorageProvider,
if(getLdapIdentityStore().getConfig().isTrustEmail()){
imported.setEmailVerified(true);
}
if (kerberosConfig.getKerberosPrincipalAttribute() != null) {
if (kerberosConfig.isAllowKerberosAuthentication() && kerberosConfig.getKerberosPrincipalAttribute() != null) {
String kerberosPrincipal = ldapUser.getAttributeAsString(kerberosConfig.getKerberosPrincipalAttribute());
if (kerberosPrincipal == null) {
logger.warnf("Kerberos principal attribute not found on LDAP user [%s]. Configured kerberos principal attribute name is [%s]", ldapUser.getDn(), kerberosConfig.getKerberosPrincipalAttribute());