author | Rob Crittenden <rcritten@redhat.com> | 2010-10-26 14:31:00 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2010-10-28 17:36:05 -0400 |
commit | 7486ead6c910d13ae4d7cbae6fae738ce2bf47eb (patch) | |
tree | 32ce7ca9a1407e5506e965f1c85b8b9b07047b18 /ipalib/plugins/pwpolicy.py | |
parent | c1dfb50ee9be266e3448ad53acd8a6464938c604 (diff) | |
Don't allow managed groups to have group password policy.
UPG cannot have members and we use memberOf in class of service to determine
which policy to apply.
ticket 160
Diffstat (limited to 'ipalib/plugins/pwpolicy.py')
-rw-r--r-- | ipalib/plugins/pwpolicy.py | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/ipalib/plugins/pwpolicy.py b/ipalib/plugins/pwpolicy.py
index 5e81631f4..893473611 100644
--- a/ipalib/plugins/pwpolicy.py
+++ b/ipalib/plugins/pwpolicy.py
@@ -115,7 +115,10 @@ class cosentry_add(LDAPCreate):
 def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
 # check for existence of the group
- self.api.Command.group_show(keys[-1])
+ result = self.api.Command.group_show(keys[-1], all=True)['result']
+ oc = map(lambda x:x.lower(),result['objectclass'])
+ if 'mepmanagedentry' in oc:
+ raise errors.ManagedPolicyError()
 self.obj.check_priority_uniqueness(*keys, **options)
 del entry_attrs['cn']
 return dn |
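Review bot: The comment above the new check still reads `# check for existence of the group`, but the added lines in pre_callback now also reject managed groups, and nothing in the code says why. I would replace it with `# group must exist and must not be a managed (user-private) group: UPGs have no members, so a memberOf-based CoS policy would never apply`. The `map(lambda ...)` line reads more plainly as `oc = [x.lower() for x in result['objectclass']]`, which also stays a list regardless of Python version. The check is visible only on this add path; whether other commands can attach a policy to a group is not shown in this hunk, and the enclosing class starts outside it.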