authorAlexander Bokovoy <abokovoy@redhat.com>2011-06-27 15:08:13 +0300
committerRob Crittenden <rcritten@redhat.com>2011-06-27 23:03:23 -0400
commit716a25a784b4257ef4928afc18b6cebdb7d15e54 (patch)
tree5ab2602982249aedb8743c9d16727b6c3d42281f
parentf1e1223bd9c358367baac96ac7d6843edb56c5f6 (diff)
Convert Bool to TRUE/FALSE when working with LDAP backend https://fedorahosted.org/freeipa/ticket/1259
According to RFC4517 the only valid values for a boolean in LDAP are TRUE or FALSE. This commit adds support to recognize TRUE and FALSE as valid Bool constants when converting from LDAP attribute values and enforces TRUE or FALSE string for account locking.
-rw-r--r--ipalib/parameters.py4
-rw-r--r--ipaserver/plugins/ldap2.py7
2 files changed, 7 insertions, 4 deletions
diff --git a/ipalib/parameters.py b/ipalib/parameters.py
index ee66084..3d9f208 100644
--- a/ipalib/parameters.py
+++ b/ipalib/parameters.py
@@ -903,8 +903,8 @@ class Bool(Param):
# FIXME: This my quick hack to get some UI stuff working, change these defaults
# --jderose 2009-08-28
kwargs = Param.kwargs + (
- ('truths', frozenset, frozenset([1, u'1', u'true'])),
- ('falsehoods', frozenset, frozenset([0, u'0', u'false'])),
+ ('truths', frozenset, frozenset([1, u'1', u'true', u'TRUE'])),
+ ('falsehoods', frozenset, frozenset([0, u'0', u'false', u'FALSE'])),
)
def _convert_scalar(self, value, index=None):
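Review bot: Membership in `truths` and `falsehoods` is an exact match, so adding only `u'TRUE'` and `u'FALSE'` still leaves mixed-case `True`/`False` unrecognized. Those are the strings the removed `str(not active)` line in ipaserver/plugins/ldap2.py wrote into `nsaccountlock`, so entries saved before this commit may still hold them. Unless `_convert_scalar` (its body is outside this hunk) already folds case, consider normalizing string input there, or at least extend the sets, e.g. `frozenset([1, u'1', u'true', u'TRUE', u'True'])` with the matching `u'False'` entry. A short comment citing RFC 4517 next to the new constants would also explain why the upper-case forms are listed.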
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index c375252..5d6d21d 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -522,7 +522,7 @@ class ldap2(CrudBackend, Encoder):
scope=_ldap.SCOPE_SUBTREE, time_limit=None, size_limit=None,
normalize=True, search_refs=False):
"""
- Return a list of entries and indication of whteher the results where
+ Return a list of entries and indication of whether the results were
truncated ([(dn, entry_attrs)], truncated) matching specified search
parameters followed by truncated flag. If the truncated flag is True,
search hit a server limit and its results are incomplete.
@@ -1056,7 +1056,10 @@ class ldap2(CrudBackend, Encoder):
else:
if account_lock_attr == 'true':
raise errors.AlreadyInactive()
- account_lock_attr = str(not active)
+
+ # LDAP expects string instead of Bool but it also requires it to be TRUE or FALSE,
+ # not True or False as Python stringification does. Thus, we uppercase it.
+ account_lock_attr = str(not active).upper()
entry_attrs['nsaccountlock'] = account_lock_attr
self.update_entry(dn, entry_attrs)
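Review bot: The guard `if account_lock_attr == 'true'` compares against lowercase while the value written below is now `TRUE`, so the AlreadyInactive check only holds if the value read from the entry is lowercased earlier in the function, which starts outside this hunk. Please confirm that, and consider a comment at the guard such as `# account_lock_attr is lowercased above; the directory stores TRUE/FALSE`. Separately, `str(not active).upper()` depends on the truthiness of `active`: if a caller ever passes a non-empty string such as `'FALSE'`, it counts as active and `FALSE` (unlocked) is written. Callers are not visible here, but since this attribute controls account locking, an explicit form such as `account_lock_attr = 'FALSE' if active else 'TRUE'` after checking that `active` is a real bool would state the intent directly.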