From c5e61c85e626da61180f84bc80e294ab0eb3757a Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Thu, 13 Mar 2014 17:27:08 +0530 Subject: [PATCH] permission plugin: Add 'top' to the list of object classes The 'top' objectclass is added by DS if not present. On every update the managed permission updater compared the object_class list with the state from LDAP, saw that there's an extra 'top' value, and tried deleting it. Add 'top' to the list to match the entry in LDAP. Reviewed-By: Martin Kosek --- ipalib/plugins/permission.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index 987b9199a..e2f842810 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -167,7 +167,9 @@ class permission(baseldap.LDAPObject): container_dn = api.env.container_permission object_name = _('permission') object_name_plural = _('permissions') - object_class = ['groupofnames', 'ipapermission', 'ipapermissionv2'] + # For use the complete object_class list, including 'top', so + # the updater doesn't try to delete 'top' every time. + object_class = ['top', 'groupofnames', 'ipapermission', 'ipapermissionv2'] default_attributes = ['cn', 'member', 'memberof', 'memberindirect', 'ipapermissiontype', 'objectclass', 'ipapermdefaultattr', 'ipapermincludedattr', 'ipapermexcludedattr',