Don't allow managed groups to have group password policy.

A user-private group (UPG) cannot have members, and we use memberOf in class
of service to determine which policy to apply.

ticket 160
Rob Crittenden 2010-10-26 14:31:00 -04:00
parent c1dfb50ee9
commit 7486ead6c9
3 changed files with 31 additions and 2 deletions


@ -1095,6 +1095,21 @@ class ManagedGroupError(ExecutionError):
errno = 4020
format = _('Deleting a managed group is not allowed. It must be detached first.')
class ManagedPolicyError(ExecutionError):
"""
**4021** Raised when password policy is assigned to a managed group
For example:
>>> raise ManagedPolicyError()
Traceback (most recent call last):
...
ManagedPolicyError: A managed group cannot have a password policy.
"""
errno = 4021
format = _('A managed group cannot have a password policy.')
class BuiltinError(ExecutionError):
"""
**4100** Base class for builtin execution errors (*4100 - 4199*).


@ -115,7 +115,10 @@ class cosentry_add(LDAPCreate):
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
# check for existence of the group
self.api.Command.group_show(keys[-1])
result = self.api.Command.group_show(keys[-1], all=True)['result']
oc = map(lambda x:x.lower(),result['objectclass'])
if 'mepmanagedentry' in oc:
raise errors.ManagedPolicyError()
self.obj.check_priority_uniqueness(*keys, **options)
del entry_attrs['cn']
return dn
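Review bot: The new guard in `cosentry_add.pre_callback` carries no comment saying why a managed group is rejected, and the reason is not obvious from the code; per the commit message, policy selection goes through memberOf and a managed (user-private) group has no members. A comment above the `if`, such as `# managed (UPG) groups have no members, so a memberOf-based policy would never apply`, would keep that reasoning next to the check. The `map(lambda x:x.lower(), ...)` line would read more plainly as `oc = [x.lower() for x in result['objectclass']]`. The check also covers only this command path; if policy entries can be created by another route (not visible here), that route would still accept a managed group.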


@ -149,7 +149,18 @@ class test_pwpolicy(XMLRPC_test):
entry = api.Command['pwpolicy_mod'](self.group, krbminpwdlife=50)['result']
assert_attr_equal(entry, 'krbminpwdlife', '50')
def test_a_pwpolicy_del(self):
def test_a_pwpolicy_managed(self):
"""
Test adding password policy to a managed group.
"""
try:
entry = api.Command['pwpolicy_add'](self.user, krbminpwdlife=50, cospriority=2)['result']
except errors.ManagedPolicyError:
pass
else:
assert False
def test_b_pwpolicy_del(self):
"""
Test the `xmlrpc.pwpolicy_del` method.
"""
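Review bot: The `else: assert False` branch in `test_a_pwpolicy_managed` fails with no message, and if `pwpolicy_add` unexpectedly succeeds, the policy it created is left in place for the tests that follow. A message such as `assert False, 'pwpolicy_add on a managed group should have raised ManagedPolicyError'` would make a regression of the guard readable in the test output. The test passes `self.user` as the group name, so it appears to depend on that user and its managed group having been created earlier, which the hunk does not show; the docstring should say so. The unused `entry =` assignment can be dropped. The body of `test_b_pwpolicy_del` continues outside the hunk.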