diff options
author | Petr Viktorin <pviktori@redhat.com> | 2014-05-16 13:18:36 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-05-26 12:39:33 +0200 |
commit | 988b2cebf4bf6657eb50f5ecc57bd39425739b8b (patch) | |
tree | 21b2a6dba2b0baeefffa78466b8088109fd32a24 | |
parent | 193ced0bd7a9a26e7b25f08b023ee21302acaac7 (diff) | |
download | freeipa-988b2cebf4bf6657eb50f5ecc57bd39425739b8b.tar.gz freeipa-988b2cebf4bf6657eb50f5ecc57bd39425739b8b.tar.xz freeipa-988b2cebf4bf6657eb50f5ecc57bd39425739b8b.zip |
ldap2.find_entries: Do not modify attrs_list in-place
dap2.find_entries modified the passed in attrs_list to remove
the virtual attributes memberindirect and memberofindirect
before passing the list to LDAP. This means that a call like
ldap2.get_entry(dn, attrs_list=some_framework_object.default_attributes)
would permanently remove the virtual attributes from
some_framework_object's definition.
Create a copy of the list instead.
https://fedorahosted.org/freeipa/ticket/4349
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
-rw-r--r-- | ipaserver/plugins/ldap2.py | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index 17bd84118..03ab2dbfe 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -186,12 +186,15 @@ class ldap2(LDAPClient, CrudBackend): has_memberindirect = False has_memberofindirect = False if attrs_list: - if 'memberindirect' in attrs_list: - has_memberindirect = True - attrs_list.remove('memberindirect') - if 'memberofindirect' in attrs_list: - has_memberofindirect = True - attrs_list.remove('memberofindirect') + new_attrs_list = [] + for attr_name in attrs_list: + if attr_name == 'memberindirect': + has_memberindirect = True + elif attr_name == 'memberofindirect': + has_memberofindirect = True + else: + new_attrs_list.append(attr_name) + attrs_list = new_attrs_list res, truncated = super(ldap2, self).find_entries( filter=filter, attrs_list=attrs_list, base_dn=base_dn, scope=scope, |