Don't allow managed groups to have group password policy.

UPG cannot have members and we use memberOf in class of service to determine which policy to apply. ticket 160
author: Rob Crittenden <rcritten@redhat.com> 2010-10-26 14:31:00 -0400
committer: Rob Crittenden <rcritten@redhat.com> 2010-10-28 17:36:05 -0400
commit: 7486ead6c910d13ae4d7cbae6fae738ce2bf47eb (patch)
tree: 32ce7ca9a1407e5506e965f1c85b8b9b07047b18 /ipalib/plugins/pwpolicy.py
parent: c1dfb50ee9be266e3448ad53acd8a6464938c604 (diff)
download: freeipa-7486ead6c910d13ae4d7cbae6fae738ce2bf47eb.tar.gz
freeipa-7486ead6c910d13ae4d7cbae6fae738ce2bf47eb.tar.xz
freeipa-7486ead6c910d13ae4d7cbae6fae738ce2bf47eb.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/ipalib/plugins/pwpolicy.py b/ipalib/plugins/pwpolicy.py
index 5e81631f4..893473611 100644
--- a/ipalib/plugins/pwpolicy.py
+++ b/ipalib/plugins/pwpolicy.py
@@ -115,7 +115,10 @@ class cosentry_add(LDAPCreate):
 
     def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
         # check for existence of the group
-        self.api.Command.group_show(keys[-1])
+        result = self.api.Command.group_show(keys[-1], all=True)['result']
+        oc = map(lambda x:x.lower(),result['objectclass'])
+        if 'mepmanagedentry' in oc:
+            raise errors.ManagedPolicyError()
         self.obj.check_priority_uniqueness(*keys, **options)
         del entry_attrs['cn']
         return dn
author	Rob Crittenden <rcritten@redhat.com>	2010-10-26 14:31:00 -0400
committer	Rob Crittenden <rcritten@redhat.com>	2010-10-28 17:36:05 -0400
commit	7486ead6c910d13ae4d7cbae6fae738ce2bf47eb (patch)
tree	32ce7ca9a1407e5506e965f1c85b8b9b07047b18 /ipalib/plugins/pwpolicy.py
parent	c1dfb50ee9be266e3448ad53acd8a6464938c604 (diff)
download	freeipa-7486ead6c910d13ae4d7cbae6fae738ce2bf47eb.tar.gz freeipa-7486ead6c910d13ae4d7cbae6fae738ce2bf47eb.tar.xz freeipa-7486ead6c910d13ae4d7cbae6fae738ce2bf47eb.zip