Search allowed attributes in superior objectclasses

get_allowed_attributes function was improved to look for allowed attributes also in the superior objectclasses of specified objectclass. This fixes the regression caused by patch for ticket #2293. Test-case for unit-test was also created. https://fedorahosted.org/freeipa/ticket/2293
2025-02-25 18:55:28 -06:00 · 2012-03-21 13:30:42 +01:00
parent d14438405a
commit a58cbb985e
2 changed files with 38 additions and 0 deletions
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -401,6 +401,9 @@ class ldap2(CrudBackend, Encoder):
            obj = self.schema.get_obj(_ldap.schema.ObjectClass, oc)
            if obj is not None:
                allowed_attributes += obj.must + obj.may
+                # look for allowed attributes in the superior objectclasses
+                if obj.sup:
+                    allowed_attributes += self.get_allowed_attributes(obj.sup,raise_on_unknown)
            elif raise_on_unknown:
                raise errors.NotFound(reason=_('objectclass %s not found') % oc)
        return [unicode(a).lower() for a in list(set(allowed_attributes))]