mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-26 16:16:31 -06:00
LDAPCreate: allow callers to override objectclasses
LDAPCreate class explicitly allows use of --setattr/--addattr options to pass-in additional configuration or override some of the framework decisions. However, changes to objectclasses are ignored. We have a number of plugins where additional attributes and their values are generated at creation time. For example, ipa-sidgen plugin generates ipaNTSecurityIdentifier value on LDAP ADD operation when objectclasses include a specific object class and some other attributes (uidNumber, gidNumber) do present in the LDAP mods. Allow to override object-specific LDAP objectclasses by the --setattr/--addattr option values. Related: https://pagure.io/freeipa/issue/7953 Reviewed-By: Christian Heimes <cheimes@redhat.com>
This commit is contained in:
parent
5230e2a12d
commit
53a0fa9130
@ -1151,10 +1151,10 @@ class LDAPCreate(BaseLDAPCommand, crud.Create):
|
||||
entry_attrs = ldap.make_entry(
|
||||
dn, self.args_options_2_entry(*keys, **options))
|
||||
|
||||
self.process_attr_options(entry_attrs, None, keys, options)
|
||||
|
||||
entry_attrs['objectclass'] = deepcopy(self.obj.object_class)
|
||||
|
||||
self.process_attr_options(entry_attrs, None, keys, options)
|
||||
|
||||
if self.obj.object_class_config:
|
||||
config = ldap.get_ipa_config()
|
||||
entry_attrs['objectclass'] = config.get(
|
||||
|
Loading…
Reference in New Issue
Block a user