Do not change LDAPObject objectclass list

__json__ method of LDAPObject may inadvertently append a list of possible objectclasses to a list of basic objectclasses and thus change a behavior of all subsequent LDAPSearch command. The command may only return objects where all "possible" objectclasses are present and thus returning an incomplete list. Make sure that the LDAPObject object_class list is not modified during the __json__ method. https://fedorahosted.org/freeipa/ticket/2906
2025-02-25 18:55:28 -06:00 · 2012-07-09 14:27:07 +02:00
parent 0ffb2022fe
commit 5ba8eeb970
1 changed files with 1 additions and 1 deletions
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -635,7 +635,7 @@ class LDAPObject(Object):
            objectclasses = config.get(
                self.object_class_config, objectclasses
            )
-        objectclasses += self.possible_objectclasses
+        objectclasses = objectclasses + self.possible_objectclasses
        # Get list of available attributes for this object for use
        # in the ACI UI.
        attrs = self.api.Backend.ldap2.schema.attribute_types(objectclasses)