authorRob Crittenden <rcritten@redhat.com>2011-02-17 11:58:53 -0500
committerRob Crittenden <rcritten@redhat.com>2011-02-17 17:11:06 -0500
commit4211eee9922cc30e57e740e34018653381bd0dde (patch)
tree7701ddf2a238985caaa9e3675b718d0c3e11f2aa
parent23234094c3fbdc415ffe4e221bd29c0dedf0c5b3 (diff)
Special handling for nsaccountlock attribute in user.
nsaccountlock doesn't have a visible Param, but we want to do some basic validation to be sure garbage doesn't get in there, so do it in the pre_callback of add and mod. ticket 968
-rw-r--r--ipalib/plugins/user.py8
1 files changed, 8 insertions, 0 deletions
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 70cece620..f5eea38b4 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -63,6 +63,12 @@ from ipalib import _, ngettext
from ipalib.request import context
from time import gmtime, strftime
+def validate_nsaccountlock(entry_attrs):
+ if 'nsaccountlock' in entry_attrs:
+ if not isinstance(entry_attrs['nsaccountlock'], basestring):
+ raise errors.OnlyOneValueAllowed(attr='nsaccountlock')
+ if entry_attrs['nsaccountlock'].lower() not in ('true','false'):
+ raise errors.ValidationError(name='nsaccountlock', error='must be TRUE or FALSE')
class user(LDAPObject):
"""
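Review bot: In validate_nsaccountlock the `isinstance(..., basestring)` test reports every non-string value as OnlyOneValueAllowed, so a one-element list or a None value (if callers can supply either, which is not visible here) is rejected with a misleading error. Since this attribute decides whether an account is locked, the check should separate "more than one value" from "not a TRUE/FALSE string" and unwrap a single-element list before comparing. The error text should also go through `_()`, which the file already imports, and the function needs a one-line docstring stating the accepted values.
```python
def validate_nsaccountlock(entry_attrs):
    """Allow nsaccountlock only as a single TRUE/FALSE string (any case)."""
    if 'nsaccountlock' not in entry_attrs:
        return
    value = entry_attrs['nsaccountlock']
    if isinstance(value, (list, tuple)):
        if len(value) > 1:
            raise errors.OnlyOneValueAllowed(attr='nsaccountlock')
        value = value[0] if value else None
    if not isinstance(value, basestring) or value.lower() not in ('true', 'false'):
        raise errors.ValidationError(name='nsaccountlock', error=_('must be TRUE or FALSE'))
```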
@@ -258,6 +264,7 @@ class user_add(LDAPCreate):
raise errors.ManagedGroupExistsError(group=keys[-1])
except errors.NotFound:
pass
+ validate_nsaccountlock(entry_attrs)
config = ldap.get_ipa_config()[1]
if 'ipamaxusernamelength' in config:
if len(keys[-1]) > int(config.get('ipamaxusernamelength')[0]):
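Review bot: The new `validate_nsaccountlock(entry_attrs)` call in user_add sits after what appears to be a directory lookup for a managed group (the `except errors.NotFound` just above it), so invalid input is rejected only after that round-trip. Input checks that need no directory access are better placed at the top of pre_callback, so a bad request fails before any LDAP work is done. The start of pre_callback is outside this hunk, so the exact position needs confirming against the full method.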
@@ -335,6 +342,7 @@ class user_mod(LDAPUpdate):
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
if 'mail' in entry_attrs:
entry_attrs['mail'] = self.obj._normalize_email(entry_attrs['mail'])
+ validate_nsaccountlock(entry_attrs)
return dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
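Review bot: The validator called in user_mod's pre_callback accepts any casing, so 'true' or 'False' is written to the entry as supplied, while the error message promises TRUE or FALSE. If anything that reads the lock state compares the stored string exactly (not visible here), a mixed-case value could be misread. The `mail` line just above already normalizes its value before the write; the same pattern would fit here, `if 'nsaccountlock' in entry_attrs: entry_attrs['nsaccountlock'] = entry_attrs['nsaccountlock'].upper()` placed after the validation call, and likewise in user_add.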