Don't allow default objectclass list to be empty.

https://fedorahosted.org/freeipa/ticket/1945
2025-02-25 18:55:28 -06:00 · 2011-11-08 17:04:26 -05:00 · 2011-11-08 17:04:26 -05:00 · b68ce0313c
commit b68ce0313c
parent 94a8bc1917
1 changed files with 3 additions and 0 deletions
--- a/ipalib/plugins/config.py
+++ b/ipalib/plugins/config.py
@ -220,6 +220,9 @@ class config_mod(LDAPUpdate):
        for (attr, obj) in (('ipauserobjectclasses', 'user'),
                            ('ipagroupobjectclasses', 'group')):
            if attr in entry_attrs:
+                if not entry_attrs[attr]:
+                    raise errors.ValidationError(name=attr,
+                        error=_('May not be empty'))
                objectclasses = list(set(entry_attrs[attr] \
                                         + self.api.Object[obj].possible_objectclasses))
                new_allowed_attrs = ldap.get_allowed_attributes(objectclasses,