Don't allow host cn to be changed (it isn't used anyway).

We are required by LDAP schema to have a cn value. Don't let users change it thinking they are actually doing something. tickets 706 and 707
2025-02-25 18:55:28 -06:00 · 2011-02-15 15:04:40 -05:00 · 2011-02-15 15:04:40 -05:00 · 86fe47b87d
commit 86fe47b87d
parent 2f0e8e3a3d
1 changed files with 2 additions and 0 deletions
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@ -533,6 +533,8 @@ class host_mod(LDAPUpdate):

    def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
        # Once a principal name is set it cannot be changed
+        if 'cn' in entry_attrs:
+            raise errors.ACIError(info='cn is immutable')
        if 'locality' in entry_attrs:
            entry_attrs['l'] = entry_attrs['locality']
            del entry_attrs['locality']