diff options
author | Tomas Babej <tbabej@redhat.com> | 2013-02-11 10:19:53 +0100 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2013-02-19 16:56:46 -0500 |
commit | 5b64cde92a84c2e8ad2f99fd139fa5d13598b096 (patch) | |
tree | 74e4af133106b4e2e55ef3a2258bf62c4837c656 /ipalib/plugins/group.py | |
parent | 462beacc9d13968128fa320d155016df2d72a20a (diff) | |
download | freeipa-5b64cde92a84c2e8ad2f99fd139fa5d13598b096.tar.gz freeipa-5b64cde92a84c2e8ad2f99fd139fa5d13598b096.tar.xz freeipa-5b64cde92a84c2e8ad2f99fd139fa5d13598b096.zip |
Prevent changing protected group's name using --setattr
The name of any protected group now cannot be changed by modifing
the cn attribute using --setattr. Unit tests have been added to
make sure there is no regression.
https://fedorahosted.org/freeipa/ticket/3354
Diffstat (limited to 'ipalib/plugins/group.py')
-rw-r--r-- | ipalib/plugins/group.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py index 19404c6fa..4994dacb3 100644 --- a/ipalib/plugins/group.py +++ b/ipalib/plugins/group.py @@ -265,7 +265,7 @@ class group_mod(LDAPUpdate): is_protected_group = keys[-1] in PROTECTED_GROUPS - if 'rename' in options: + if 'rename' in options or 'cn' in entry_attrs: if is_protected_group: raise errors.ProtectedEntryError(label=u'group', key=keys[-1], reason=u'Cannot be renamed') |