mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 23:50:03 -06:00
Don't allow managed groups to have group password policy.
UPG cannot have members and we use memberOf in class of service to determine which policy to apply. ticket 160
This commit is contained in:
parent
c1dfb50ee9
commit
7486ead6c9
@ -1095,6 +1095,21 @@ class ManagedGroupError(ExecutionError):
|
||||
errno = 4020
|
||||
format = _('Deleting a managed group is not allowed. It must be detached first.')
|
||||
|
||||
class ManagedPolicyError(ExecutionError):
|
||||
"""
|
||||
**4021** Raised when password policy is assigned to a managed group
|
||||
|
||||
For example:
|
||||
|
||||
>>> raise ManagedPolicyError()
|
||||
Traceback (most recent call last):
|
||||
...
|
||||
ManagedPolicyError: A managed group cannot have a password policy.
|
||||
"""
|
||||
|
||||
errno = 4021
|
||||
format = _('A managed group cannot have a password policy.')
|
||||
|
||||
class BuiltinError(ExecutionError):
|
||||
"""
|
||||
**4100** Base class for builtin execution errors (*4100 - 4199*).
|
||||
|
@ -115,7 +115,10 @@ class cosentry_add(LDAPCreate):
|
||||
|
||||
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
|
||||
# check for existence of the group
|
||||
self.api.Command.group_show(keys[-1])
|
||||
result = self.api.Command.group_show(keys[-1], all=True)['result']
|
||||
oc = map(lambda x:x.lower(),result['objectclass'])
|
||||
if 'mepmanagedentry' in oc:
|
||||
raise errors.ManagedPolicyError()
|
||||
self.obj.check_priority_uniqueness(*keys, **options)
|
||||
del entry_attrs['cn']
|
||||
return dn
|
||||
|
@ -149,7 +149,18 @@ class test_pwpolicy(XMLRPC_test):
|
||||
entry = api.Command['pwpolicy_mod'](self.group, krbminpwdlife=50)['result']
|
||||
assert_attr_equal(entry, 'krbminpwdlife', '50')
|
||||
|
||||
def test_a_pwpolicy_del(self):
|
||||
def test_a_pwpolicy_managed(self):
|
||||
"""
|
||||
Test adding password policy to a managed group.
|
||||
"""
|
||||
try:
|
||||
entry = api.Command['pwpolicy_add'](self.user, krbminpwdlife=50, cospriority=2)['result']
|
||||
except errors.ManagedPolicyError:
|
||||
pass
|
||||
else:
|
||||
assert False
|
||||
|
||||
def test_b_pwpolicy_del(self):
|
||||
"""
|
||||
Test the `xmlrpc.pwpolicy_del` method.
|
||||
"""
|
||||
|
Loading…
Reference in New Issue
Block a user