LDAPCreate: allow callers to override objectclasses

LDAPCreate class explicitly allows use of --setattr/--addattr options to
pass-in additional configuration or override some of the framework
decisions. However, changes to objectclasses are ignored.

We have a number of plugins where additional attributes and their values
are generated at creation time. For example, ipa-sidgen plugin generates
ipaNTSecurityIdentifier value on LDAP ADD operation when objectclasses
include a specific object class and some other attributes (uidNumber,
gidNumber) do present in the LDAP mods.

Allow to override object-specific LDAP objectclasses by the
--setattr/--addattr option values.

Related: https://pagure.io/freeipa/issue/7953
Reviewed-By: Christian Heimes <cheimes@redhat.com>
This commit is contained in:
Alexander Bokovoy 2019-05-17 00:46:11 +03:00
parent 5230e2a12d
commit 53a0fa9130

View File

@ -1151,10 +1151,10 @@ class LDAPCreate(BaseLDAPCommand, crud.Create):
entry_attrs = ldap.make_entry(
dn, self.args_options_2_entry(*keys, **options))
self.process_attr_options(entry_attrs, None, keys, options)
entry_attrs['objectclass'] = deepcopy(self.obj.object_class)
self.process_attr_options(entry_attrs, None, keys, options)
if self.obj.object_class_config:
config = ldap.get_ipa_config()
entry_attrs['objectclass'] = config.get(