Prevent changing protected group's name using --setattr

The name of any protected group now cannot be changed by modifing the cn attribute using --setattr. Unit tests have been added to make sure there is no regression. https://fedorahosted.org/freeipa/ticket/3354
author: Tomas Babej <tbabej@redhat.com> 2013-02-11 10:19:53 +0100
committer: Rob Crittenden <rcritten@redhat.com> 2013-02-19 16:56:46 -0500
commit: 5b64cde92a84c2e8ad2f99fd139fa5d13598b096 (patch)
tree: 74e4af133106b4e2e55ef3a2258bf62c4837c656 /ipalib/plugins/group.py
parent: 462beacc9d13968128fa320d155016df2d72a20a (diff)
download: freeipa-5b64cde92a84c2e8ad2f99fd139fa5d13598b096.tar.gz
freeipa-5b64cde92a84c2e8ad2f99fd139fa5d13598b096.tar.xz
freeipa-5b64cde92a84c2e8ad2f99fd139fa5d13598b096.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py
index 19404c6fa..4994dacb3 100644
--- a/ipalib/plugins/group.py
+++ b/ipalib/plugins/group.py
@@ -265,7 +265,7 @@ class group_mod(LDAPUpdate):
 
         is_protected_group = keys[-1] in PROTECTED_GROUPS
 
-        if 'rename' in options:
+        if 'rename' in options or 'cn' in entry_attrs:
             if is_protected_group:
                 raise errors.ProtectedEntryError(label=u'group', key=keys[-1],
                     reason=u'Cannot be renamed')
author	Tomas Babej <tbabej@redhat.com>	2013-02-11 10:19:53 +0100
committer	Rob Crittenden <rcritten@redhat.com>	2013-02-19 16:56:46 -0500
commit	5b64cde92a84c2e8ad2f99fd139fa5d13598b096 (patch)
tree	74e4af133106b4e2e55ef3a2258bf62c4837c656 /ipalib/plugins/group.py
parent	462beacc9d13968128fa320d155016df2d72a20a (diff)
download	freeipa-5b64cde92a84c2e8ad2f99fd139fa5d13598b096.tar.gz freeipa-5b64cde92a84c2e8ad2f99fd139fa5d13598b096.tar.xz freeipa-5b64cde92a84c2e8ad2f99fd139fa5d13598b096.zip