mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
LDAPCreate: allow callers to override objectclasses
LDAPCreate class explicitly allows use of --setattr/--addattr options to pass-in additional configuration or override some of the framework decisions. However, changes to objectclasses are ignored. We have a number of plugins where additional attributes and their values are generated at creation time. For example, ipa-sidgen plugin generates ipaNTSecurityIdentifier value on LDAP ADD operation when objectclasses include a specific object class and some other attributes (uidNumber, gidNumber) do present in the LDAP mods. Allow to override object-specific LDAP objectclasses by the --setattr/--addattr option values. Related: https://pagure.io/freeipa/issue/7953 Reviewed-By: Christian Heimes <cheimes@redhat.com>
This commit is contained in:
parent
5230e2a12d
commit
53a0fa9130
@ -1151,10 +1151,10 @@ class LDAPCreate(BaseLDAPCommand, crud.Create):
|
|||||||
entry_attrs = ldap.make_entry(
|
entry_attrs = ldap.make_entry(
|
||||||
dn, self.args_options_2_entry(*keys, **options))
|
dn, self.args_options_2_entry(*keys, **options))
|
||||||
|
|
||||||
self.process_attr_options(entry_attrs, None, keys, options)
|
|
||||||
|
|
||||||
entry_attrs['objectclass'] = deepcopy(self.obj.object_class)
|
entry_attrs['objectclass'] = deepcopy(self.obj.object_class)
|
||||||
|
|
||||||
|
self.process_attr_options(entry_attrs, None, keys, options)
|
||||||
|
|
||||||
if self.obj.object_class_config:
|
if self.obj.object_class_config:
|
||||||
config = ldap.get_ipa_config()
|
config = ldap.get_ipa_config()
|
||||||
entry_attrs['objectclass'] = config.get(
|
entry_attrs['objectclass'] = config.get(
|
||||||
|
Loading…
Reference in New Issue
Block a user