config-mod: normalize attribute names for --usersearch/--groupsearch

https://fedorahosted.org/freeipa/ticket/6236 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-08-22 10:14:20 +02:00
parent c9419411c9
commit 3ac2709f4b
2 changed files with 38 additions and 3 deletions
--- a/ipaserver/plugins/config.py
+++ b/ipaserver/plugins/config.py
@@ -288,14 +288,18 @@ class config_mod(LDAPUpdate):
            config = ldap.get_ipa_config(list(kw.values()))
            for (k, v) in kw.items():
                allowed_attrs = ldap.get_allowed_attributes(config[v])
-                fields = entry_attrs[k].split(',')
-                for a in fields:
-                    a = a.strip()
+                # normalize attribute names
+                attributes = [field.strip().lower()
+                              for field in entry_attrs[k].split(',')]
+                # test if all base types (without sub-types) are allowed
+                for a in attributes:
                    a, tomato, olive = a.partition(';')
                    if a not in allowed_attrs:
                        raise errors.ValidationError(
                            name=k, error=_('attribute "%s" not allowed') % a
                        )
+            # write normalized form to LDAP
+            entry_attrs[k] = ','.join(attributes)

        # Set ipasearchrecordslimit to -1 if 0 is used
        if 'ipasearchrecordslimit' in entry_attrs:
--- a/ipatests/test_xmlrpc/test_config_plugin.py
+++ b/ipatests/test_xmlrpc/test_config_plugin.py
@@ -64,6 +64,37 @@ class test_config(Declarative):
            expected=errors.RequirementError(name='usersearch'),
        ),

+        dict(
+            desc='Add uppercased attribute to ipausersearchfields',
+            command=('config_mod', [], dict(
+                ipausersearchfields=
+                u'uid,givenname,sn,telephonenumber,ou,title,Description')
+            ),
+            expected=dict(
+                result=lambda d: (
+                    d['ipausersearchfields'] ==
+                    (u'uid,givenname,sn,telephonenumber,ou,title,description',)
+                ),
+                value=None,
+                summary=None,
+                ),
+        ),
+
+        dict(
+            desc='Remove uppercased attribute from ipausersearchfields',
+            command=('config_mod', [], dict(
+                     ipausersearchfields=
+                     u'uid,givenname,sn,telephonenumber,ou,title',)),
+            expected=dict(
+                result=lambda d: (
+                    d['ipausersearchfields'] ==
+                    (u'uid,givenname,sn,telephonenumber,ou,title',)
+                ),
+                value=None,
+                summary=None,
+                ),
+        ),
+
        dict(
            desc='Try to set ipaselinuxusermapdefault not in selinux order list',
            command=('config_mod', [],