permission-mod: Remove attributelevelrights before reverting entry

LDAPUpdate adds the display-only 'attributelevelrights' attribute, which doesn't exist in LDAP. Remove it before reverting entry. https://fedorahosted.org/freeipa/ticket/4212 Reviewed-By: Martin Kosek <mkosek@redhat.com>
author: Petr Viktorin <pviktori@redhat.com> 2014-03-03 14:46:51 +0100
committer: Martin Kosek <mkosek@redhat.com> 2014-03-07 16:52:40 +0100
commit: 02e61961daf87fae22d6891ce2e1d7f8670dd2bf (patch)
tree: 2c6b0457c23507264f94bbd2dcbd970812009c35 /ipalib/plugins/permission.py
parent: 4048d412f2297df6bb483c86cdb61c21a0081f35 (diff)
download: freeipa-02e61961daf87fae22d6891ce2e1d7f8670dd2bf.tar.gz
freeipa-02e61961daf87fae22d6891ce2e1d7f8670dd2bf.tar.xz
freeipa-02e61961daf87fae22d6891ce2e1d7f8670dd2bf.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 670e3f1c6..79335404a 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -988,6 +988,9 @@ class permission_mod(baseldap.LDAPUpdate):
             else:
                 self.obj.update_aci(entry, old_entry.single_value['cn'])
         except Exception:
+            # Don't revert attribute which doesn't exist in LDAP
+            entry.pop('attributelevelrights', None)
+
             self.log.error('Error updating ACI: %s' % traceback.format_exc())
             self.log.warn('Reverting entry')
             old_entry.reset_modlist(entry)
author	Petr Viktorin <pviktori@redhat.com>	2014-03-03 14:46:51 +0100
committer	Martin Kosek <mkosek@redhat.com>	2014-03-07 16:52:40 +0100
commit	02e61961daf87fae22d6891ce2e1d7f8670dd2bf (patch)
tree	2c6b0457c23507264f94bbd2dcbd970812009c35 /ipalib/plugins/permission.py
parent	4048d412f2297df6bb483c86cdb61c21a0081f35 (diff)
download	freeipa-02e61961daf87fae22d6891ce2e1d7f8670dd2bf.tar.gz freeipa-02e61961daf87fae22d6891ce2e1d7f8670dd2bf.tar.xz freeipa-02e61961daf87fae22d6891ce2e1d7f8670dd2bf.zip