Prevent to rename certprofile profile id

https://fedorahosted.org/freeipa/ticket/5074 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
author: Martin Basti <mbasti@redhat.com> 2015-07-09 17:17:21 +0200
committer: Jan Cholasta <jcholast@redhat.com> 2015-07-10 09:01:05 +0000
commit: 67b2b3408579814f7ff307cfd20bc4250edbea15 (patch)
tree: 5a588687faeb78404c1efd560b6618bf28c854d5
parent: 0569910fead3b33a0806b216823738cf17283108 (diff)
download: freeipa-67b2b3408579814f7ff307cfd20bc4250edbea15.tar.gz
freeipa-67b2b3408579814f7ff307cfd20bc4250edbea15.tar.xz
freeipa-67b2b3408579814f7ff307cfd20bc4250edbea15.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py
index 6f9a41875..5550ed942 100644
--- a/ipalib/plugins/certprofile.py
+++ b/ipalib/plugins/certprofile.py
@@ -291,6 +291,9 @@ class certprofile_mod(LDAPUpdate):
 
     def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
         ca_enabled_check()
+        # Once a profile id is set it cannot be changed
+        if 'cn' in entry_attrs:
+            raise errors.ACIError(info=_('cn is immutable'))
         if 'file' in options:
             with self.api.Backend.ra_certprofile as profile_api:
                 profile_api.disable_profile(keys[0])
author	Martin Basti <mbasti@redhat.com>	2015-07-09 17:17:21 +0200
committer	Jan Cholasta <jcholast@redhat.com>	2015-07-10 09:01:05 +0000
commit	67b2b3408579814f7ff307cfd20bc4250edbea15 (patch)
tree	5a588687faeb78404c1efd560b6618bf28c854d5
parent	0569910fead3b33a0806b216823738cf17283108 (diff)
download	freeipa-67b2b3408579814f7ff307cfd20bc4250edbea15.tar.gz freeipa-67b2b3408579814f7ff307cfd20bc4250edbea15.tar.xz freeipa-67b2b3408579814f7ff307cfd20bc4250edbea15.zip