diff options
author | Jan Zeleny <jzeleny@redhat.com> | 2011-01-24 03:24:05 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-01-24 22:32:55 -0500 |
commit | 3e3cc55d24e2bfc4fec80d5e10ce4f3646d7c08c (patch) | |
tree | a5d462f1f8fc8c837bc329cab76c3b3c36cd37a6 | |
parent | 35b3d6b3bec244f4653b5284702ce080810a086c (diff) | |
download | freeipa-3e3cc55d24e2bfc4fec80d5e10ce4f3646d7c08c.tar.gz freeipa-3e3cc55d24e2bfc4fec80d5e10ce4f3646d7c08c.tar.xz freeipa-3e3cc55d24e2bfc4fec80d5e10ce4f3646d7c08c.zip |
Disable renaming to empty string
So far it was possible to rename any object using LDAPUpdate to a name
with empty primary key. Since this can cause nasty problems, this patch
disables empty string in --rename argument.
https://fedorahosted.org/freeipa/ticket/827
-rw-r--r-- | ipalib/plugins/baseldap.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 27e543d03..b20d96012 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -800,6 +800,8 @@ class LDAPUpdate(LDAPQuery, crud.Update): rdnupdate = False try: if self.obj.rdnattr and 'rename' in options: + if not options['rename']: + raise errors.ValidationError(name='rename', error=u'can\'t be empty') entry_attrs[self.obj.rdnattr] = options['rename'] if self.obj.rdnattr and self.obj.rdnattr in entry_attrs: |