diff options
author | Petr Viktorin <pviktori@redhat.com> | 2014-03-03 14:46:51 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-03-07 16:52:40 +0100 |
commit | 02e61961daf87fae22d6891ce2e1d7f8670dd2bf (patch) | |
tree | 2c6b0457c23507264f94bbd2dcbd970812009c35 /ipalib/plugins/permission.py | |
parent | 4048d412f2297df6bb483c86cdb61c21a0081f35 (diff) | |
download | freeipa-02e61961daf87fae22d6891ce2e1d7f8670dd2bf.tar.gz freeipa-02e61961daf87fae22d6891ce2e1d7f8670dd2bf.tar.xz freeipa-02e61961daf87fae22d6891ce2e1d7f8670dd2bf.zip |
permission-mod: Remove attributelevelrights before reverting entry
LDAPUpdate adds the display-only 'attributelevelrights' attribute,
which doesn't exist in LDAP. Remove it before reverting entry.
https://fedorahosted.org/freeipa/ticket/4212
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'ipalib/plugins/permission.py')
-rw-r--r-- | ipalib/plugins/permission.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index 670e3f1c6..79335404a 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -988,6 +988,9 @@ class permission_mod(baseldap.LDAPUpdate): else: self.obj.update_aci(entry, old_entry.single_value['cn']) except Exception: + # Don't revert attribute which doesn't exist in LDAP + entry.pop('attributelevelrights', None) + self.log.error('Error updating ACI: %s' % traceback.format_exc()) self.log.warn('Reverting entry') old_entry.reset_modlist(entry) |