diff options
| author | Nathaniel McCallum <npmccallum@redhat.com> | 2014-08-19 16:32:33 -0400 |
|---|---|---|
| committer | Petr Vobornik <pvoborni@redhat.com> | 2014-09-03 13:13:16 +0200 |
| commit | e26b3e14eb07baa4868109307d9d064bab4c5e0b (patch) | |
| tree | 7bfef8d7fd0600c1fe5b3fa0fef34dbc39b2fb41 | |
| parent | c8aefc23a40acbf94c11d8a09d73d4e4c1312c5f (diff) | |
| download | freeipa-e26b3e14eb07baa4868109307d9d064bab4c5e0b.tar.gz freeipa-e26b3e14eb07baa4868109307d9d064bab4c5e0b.tar.xz freeipa-e26b3e14eb07baa4868109307d9d064bab4c5e0b.zip | |
Ensure ipaUserAuthTypeClass when needed on user creation
Also, remove the attempt to load the objectClasses when absent. This
never makes sense during an add operation.
https://fedorahosted.org/freeipa/ticket/4455
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
| -rw-r--r-- | ipalib/plugins/user.py | 24 |
1 files changed, 11 insertions, 13 deletions
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index f646e8582..454d21972 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -780,23 +780,21 @@ class user_add(LDAPCreate): if 'manager' in entry_attrs: entry_attrs['manager'] = self.obj._normalize_manager(entry_attrs['manager']) - if ('objectclass' in entry_attrs - and 'userclass' in entry_attrs - and 'ipauser' not in entry_attrs['objectclass']): + if 'userclass' in entry_attrs and \ + 'ipauser' not in entry_attrs['objectclass']: entry_attrs['objectclass'].append('ipauser') - if 'ipatokenradiusconfiglink' in entry_attrs: - cl = entry_attrs['ipatokenradiusconfiglink'] - if cl: - if 'objectclass' not in entry_attrs: - _entry = ldap.get_entry(dn, ['objectclass']) - entry_attrs['objectclass'] = _entry['objectclass'] + if 'ipauserauthtype' in entry_attrs and \ + 'ipauserauthtypeclass' not in entry_attrs['objectclass']: + entry_attrs['objectclass'].append('ipauserauthtypeclass') - if 'ipatokenradiusproxyuser' not in entry_attrs['objectclass']: - entry_attrs['objectclass'].append('ipatokenradiusproxyuser') + rcl = entry_attrs.get('ipatokenradiusconfiglink', None) + if rcl: + if 'ipatokenradiusproxyuser' not in entry_attrs['objectclass']: + entry_attrs['objectclass'].append('ipatokenradiusproxyuser') - answer = self.api.Object['radiusproxy'].get_dn_if_exists(cl) - entry_attrs['ipatokenradiusconfiglink'] = answer + answer = self.api.Object['radiusproxy'].get_dn_if_exists(rcl) + entry_attrs['ipatokenradiusconfiglink'] = answer return dn |