IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-28 09:06:44 -06:00
Code Issues Packages Projects Releases Wiki Activity

Raise ValidationError when adding unallowed attribute to search fields.

Browse Source 
Ticket #845
This commit is contained in:
Pavel Zuna 2011-01-25 15:25:52 -05:00 committed by Rob Crittenden
parent c9ab92f210
commit 3dae8f18a6
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
ipalib/plugins/config.py
View File

@ -195,6 +195,22 @@ class config_mod(LDAPUpdate):
api.Command['group_show'](group) api.Command['group_show'](group)
except errors.NotFound: except errors.NotFound:
raise errors.NotFound(message=unicode("The group doesn't exist")) raise errors.NotFound(message=unicode("The group doesn't exist"))
kw = {}
if 'ipausersearchfields' in entry_attrs:
kw['ipausersearchfields'] = 'ipauserobjectclasses'
if 'ipagroupsearchfields' in entry_attrs:
kw['ipagroupsearchfields'] = 'ipagroupobjectclasses'
if kw:
config = ldap.get_ipa_config(kw.values())
for (k, v) in kw.iteritems():
allowed_attrs = ldap.get_allowed_attributes(config[1][v])
fields = entry_attrs[k].split(',')
for a in fields:
a = a.strip()
if a not in allowed_attrs:
raise errors.ValidationError(
name=k, error='attribute "%s" not allowed' % a
)
return dn return dn
api.register(config_mod) api.register(config_mod)