From 4932a9c98264d177b5811caa618c04e7490b249b Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Thu, 29 Jul 2021 17:55:52 -0400 Subject: [PATCH] Don't assume that plugin attributes and objectclasses are lowercase A user wrote their own plugin to add custom attributes which was failing with an incorrect error that the attribute wasn't allowed. It wasn't allowed because it wasn't being treated as case-insensitive so wasn't being found in the schema. https://pagure.io/freeipa/issue/8415 Signed-off-by: Rob Crittenden Reviewed-By: Florence Blanc-Renaud --- ipaserver/plugins/config.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ipaserver/plugins/config.py b/ipaserver/plugins/config.py index 3526153ec..ad3dd6a7f 100644 --- a/ipaserver/plugins/config.py +++ b/ipaserver/plugins/config.py @@ -534,14 +534,14 @@ class config_mod(LDAPUpdate): checked_attrs = checked_attrs + [self.api.Object[obj].uuid_attribute] for obj_attr in checked_attrs: obj_attr, _unused1, _unused2 = obj_attr.partition(';') - if obj_attr in OPERATIONAL_ATTRIBUTES: + if obj_attr.lower() in OPERATIONAL_ATTRIBUTES: continue - if obj_attr in self.api.Object[obj].params and \ + if obj_attr.lower() in self.api.Object[obj].params and \ 'virtual_attribute' in \ - self.api.Object[obj].params[obj_attr].flags: + self.api.Object[obj].params[obj_attr.lower()].flags: # skip virtual attributes continue - if obj_attr not in new_allowed_attrs: + if obj_attr.lower() not in new_allowed_attrs: raise errors.ValidationError(name=attr, error=_('%(obj)s default attribute %(attr)s would not be allowed!') \ % dict(obj=obj, attr=obj_attr))