authorRob Crittenden <rcritten@redhat.com>2010-10-26 14:31:00 -0400
committerRob Crittenden <rcritten@redhat.com>2010-10-28 17:36:05 -0400
commit7486ead6c910d13ae4d7cbae6fae738ce2bf47eb (patch)
tree32ce7ca9a1407e5506e965f1c85b8b9b07047b18
parentc1dfb50ee9be266e3448ad53acd8a6464938c604 (diff)
Don't allow managed groups to have group password policy.
UPG cannot have members and we use memberOf in class of service to determine which policy to apply. ticket 160
-rw-r--r--ipalib/errors.py15
-rw-r--r--ipalib/plugins/pwpolicy.py5
-rw-r--r--tests/test_xmlrpc/test_pwpolicy.py13
3 files changed, 31 insertions, 2 deletions
diff --git a/ipalib/errors.py b/ipalib/errors.py
index bce433d2a..79ce42dac 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -1095,6 +1095,21 @@ class ManagedGroupError(ExecutionError):
errno = 4020
format = _('Deleting a managed group is not allowed. It must be detached first.')
+class ManagedPolicyError(ExecutionError):
+ """
+ **4021** Raised when password policy is assigned to a managed group
+
+ For example:
+
+ >>> raise ManagedPolicyError()
+ Traceback (most recent call last):
+ ...
+ ManagedPolicyError: A managed group cannot have a password policy.
+ """
+
+ errno = 4021
+ format = _('A managed group cannot have a password policy.')
+
class BuiltinError(ExecutionError):
"""
**4100** Base class for builtin execution errors (*4100 - 4199*).
diff --git a/ipalib/plugins/pwpolicy.py b/ipalib/plugins/pwpolicy.py
index 5e81631f4..893473611 100644
--- a/ipalib/plugins/pwpolicy.py
+++ b/ipalib/plugins/pwpolicy.py
@@ -115,7 +115,10 @@ class cosentry_add(LDAPCreate):
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
# check for existence of the group
- self.api.Command.group_show(keys[-1])
+ result = self.api.Command.group_show(keys[-1], all=True)['result']
+ oc = map(lambda x:x.lower(),result['objectclass'])
+ if 'mepmanagedentry' in oc:
+ raise errors.ManagedPolicyError()
self.obj.check_priority_uniqueness(*keys, **options)
del entry_attrs['cn']
return dn
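Review bot: The comment `# check for existence of the group` in `pre_callback` is now stale, because the `group_show` call also feeds the managed-entry check; something like `# look up the group (raises if it is missing) and refuse managed groups` would match what the code does. The `map(lambda x:x.lower(),result['objectclass'])` line reads more plainly as `oc = [x.lower() for x in result['objectclass']]`, which also stays a real list wherever `map` is lazy. The guard runs only when a policy is added through this command, so presumably a group that becomes managed after it already has a policy, or an entry written to the directory outside the framework, is not covered. It is worth confirming that this is acceptable, given that policy selection relies on memberOf.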
diff --git a/tests/test_xmlrpc/test_pwpolicy.py b/tests/test_xmlrpc/test_pwpolicy.py
index 94063c568..8a384ca56 100644
--- a/tests/test_xmlrpc/test_pwpolicy.py
+++ b/tests/test_xmlrpc/test_pwpolicy.py
@@ -149,7 +149,18 @@ class test_pwpolicy(XMLRPC_test):
entry = api.Command['pwpolicy_mod'](self.group, krbminpwdlife=50)['result']
assert_attr_equal(entry, 'krbminpwdlife', '50')
- def test_a_pwpolicy_del(self):
+ def test_a_pwpolicy_managed(self):
+ """
+ Test adding password policy to a managed group.
+ """
+ try:
+ entry = api.Command['pwpolicy_add'](self.user, krbminpwdlife=50, cospriority=2)['result']
+ except errors.ManagedPolicyError:
+ pass
+ else:
+ assert False
+
+ def test_b_pwpolicy_del(self):
"""
Test the `xmlrpc.pwpolicy_del` method.
"""