Make a copy of objectclasses so a call can't update them globally.

In the host plugin we may change the default objectclasses based on
the options selected. This was affecting it globally and causing
subsequent calls to fail.

ipalib/plugins/baseldap.py

@@ -23,6 +23,7 @@ Base classes for LDAP plugins.
 import re
 import json
 import time
+from copy import deepcopy
 
 from ipalib import api, crud, errors
 from ipalib import Method, Object
@@ -504,7 +505,7 @@ class LDAPCreate(CallbackInterface, crud.Create):
         ldap = self.obj.backend
 
         entry_attrs = self.args_options_2_entry(*keys, **options)
-        entry_attrs['objectclass'] = self.obj.object_class
+        entry_attrs['objectclass'] = deepcopy(self.obj.object_class)
 
         if self.obj.object_class_config:
             config = ldap.get_ipa_config()[1]

ipalib/plugins/host.py

@@ -323,15 +323,15 @@ class host_add(LDAPCreate):
             entry_attrs['krbprincipalname'] = 'host/%s@%s' % (
                 keys[-1], self.api.env.realm
             )
+            if 'krbprincipalaux' not in entry_attrs:
+                entry_attrs['objectclass'].append('krbprincipalaux')
             if 'krbprincipal' not in entry_attrs:
                 entry_attrs['objectclass'].append('krbprincipal')
-            if 'krbprincipal' not in entry_attrs:
-                entry_attrs['objectclass'].append('krbprincipalaux')
         else:
-            if 'krbprincipal' in entry_attrs['objectclass']:
-                entry_attrs['objectclass'].remove('krbprincipal')
             if 'krbprincipalaux' in entry_attrs['objectclass']:
                 entry_attrs['objectclass'].remove('krbprincipalaux')
+            if 'krbprincipal' in entry_attrs['objectclass']:
+                entry_attrs['objectclass'].remove('krbprincipal')
         if 'random' in options:
             if options.get('random'):
                 entry_attrs['userpassword'] = ipa_generate_password()