diff options
author | Rob Crittenden <rcritten@redhat.com> | 2010-12-17 16:57:28 -0500 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2010-12-17 18:04:37 -0500 |
commit | 34534a026f39e5c5c139d23ab70db72009789e5b (patch) | |
tree | 7e64d9a94bd2a6c5ac54e54f46e600b539727212 /ipalib/plugins/host.py | |
parent | 7035ffe49ca8456a1efc155c9cb22ec01a881ba2 (diff) | |
download | freeipa-34534a026f39e5c5c139d23ab70db72009789e5b.tar.gz freeipa-34534a026f39e5c5c139d23ab70db72009789e5b.tar.xz freeipa-34534a026f39e5c5c139d23ab70db72009789e5b.zip |
Don't use camel-case LDAP attributes in ACI and don't clear enrolledBy
We keep LDAP attributes lower-case elsewhere in the API we should do the
same with all access controls.
There were two ACIs pointing at the manage_host_keytab permission. This
isn't allowed in general and we have decided separately to not clear out
enrolledBy when a host is unenrolled so dropping it is the obvious thing
to do.
ticket 597
Diffstat (limited to 'ipalib/plugins/host.py')
-rw-r--r-- | ipalib/plugins/host.py | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py index 22cd424ed..91aa65154 100644 --- a/ipalib/plugins/host.py +++ b/ipalib/plugins/host.py @@ -686,7 +686,6 @@ class host_disable(LDAPQuery): if 'krblastpwdchange' in entry_attrs: ldap.remove_principal_key(dn) - api.Command['host_mod'](fqdn=keys[-1], setattr=u'enrolledby=') done_work = True if not done_work: |