IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

certprofile: prevent rename (modrdn)

Browse Source 
Fixes: https://fedorahosted.org/freeipa/ticket/5247
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Fraser Tweedale
2015-08-24 20:25:10 -04:00
committed by Petr Vobornik
parent 8676364ae8
commit 5c7d6a6a31
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ipalib/plugins/certprofile.py
View File

@@ -323,8 +323,9 @@ class certprofile_mod(LDAPUpdate):
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
ca_enabled_check() ca_enabled_check()
# Once a profile id is set it cannot be changed # Once a profile id is set it cannot be changed
if 'cn' in entry_attrs: if 'rename' in options or 'cn' in entry_attrs:
raise errors.ACIError(info=_('cn is immutable')) raise errors.ProtectedEntryError(label='certprofile', key=keys[0],
reason=_('Certificate profiles cannot be renamed'))
if 'file' in options: if 'file' in options:
with self.api.Backend.ra_certprofile as profile_api: with self.api.Backend.ra_certprofile as profile_api:
profile_api.disable_profile(keys[0]) profile_api.disable_profile(keys[0])