diff options
author | Rob Crittenden <rcritten@redhat.com> | 2012-02-22 17:42:38 -0500 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-02-23 20:17:12 +0100 |
commit | d4a1dc5712cd2fa9e028a43e5b7146891e5012f0 (patch) | |
tree | 7259092817babb11ba0ea02022d8b9f6a199f467 /ipalib/plugins/baseldap.py | |
parent | 915286fed2771415b48f5476047b283b8a5fed3c (diff) | |
download | freeipa-d4a1dc5712cd2fa9e028a43e5b7146891e5012f0.tar.gz freeipa-d4a1dc5712cd2fa9e028a43e5b7146891e5012f0.tar.xz freeipa-d4a1dc5712cd2fa9e028a43e5b7146891e5012f0.zip |
Don't allow IPA master hosts or important services be deleted.
Deleting these would cause the IPA master to blow up.
For services I'm taking a conservative approach and only limiting the
deletion of known services we care about.
https://fedorahosted.org/freeipa/ticket/2425
Diffstat (limited to 'ipalib/plugins/baseldap.py')
-rw-r--r-- | ipalib/plugins/baseldap.py | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index d619f14ee..725704ee0 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -387,6 +387,20 @@ def remove_external_post_callback(memberattr, membertype, externalattr, ldap, co return (completed + completed_external, dn) +def host_is_master(ldap, fqdn): + """ + Check to see if this host is a master. + + Raises an exception if a master, otherwise returns nothing. + """ + master_dn = str(DN('cn=%s' % fqdn, 'cn=masters,cn=ipa,cn=etc', api.env.basedn)) + try: + (dn, entry_attrs) = ldap.get_entry(master_dn, ['objectclass']) + raise errors.ValidationError(name='hostname', error=_('An IPA master host cannot be deleted')) + except errors.NotFound: + # Good, not a master + return + class LDAPObject(Object): """ |