Do not ask for memberindirect when updating managed permissions

One of the default_attributes of permission is memberofindirect,
a virtual attribute manufactured by ldap2, which is set when a permission
is part of a role.
When update_entry is called on an entry with memberofindirect,
ipaldap tries to add the attribute to LDAP and fails with an objectclass
violation.

Do not ask for memberindirect when retrieving the entry.

Reviewed-By: Martin Kosek <mkosek@redhat.com>
Petr Viktorin 2014-04-11 12:09:32 +02:00
parent adde918f38
commit 81b0e7466d

@ -133,7 +133,8 @@ class update_managed_permissions(PostUpdate):
dn = self.api.Object[permission].get_dn(name)
try:
attrs_list = self.api.Object[permission].default_attributes
attrs_list = list(self.api.Object[permission].default_attributes)
attrs_list.remove('memberindirect')
entry = ldap.get_entry(dn, attrs_list)
is_new = False
except errors.NotFound:
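
Review bot: The name passed to `attrs_list.remove('memberindirect')` does not match the commit message body, which names memberofindirect as the virtual attribute behind the objectclass violation; please confirm which name actually appears in default_attributes and make the message and the code agree. Separately, list.remove() raises ValueError when the value is absent, and the enclosing try only handles errors.NotFound, so a later rename or removal of that entry in default_attributes would abort the update plugin here. Filtering instead, for example `attrs_list = [a for a in self.api.Object[permission].default_attributes if a != 'memberindirect']`, tolerates that case. A one-line comment above the removal saying the attribute is virtual and must not be written back by update_entry would also save the next reader a trip to the commit log.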