Don't allow default objectclass list to be empty.

https://fedorahosted.org/freeipa/ticket/1945
author: Rob Crittenden <rcritten@redhat.com> 2011-11-08 17:04:26 -0500
committer: Martin Kosek <mkosek@redhat.com> 2011-11-09 08:50:17 +0100
commit: b68ce0313c9ff31354d2be621079522886f556e3 (patch)
tree: 2645ec8ed256b4a89506db0a9de774baaa7fc0ca /ipalib
parent: 94a8bc1917fcc6571a7d9bdf7b53efea8c9d9241 (diff)
download: freeipa-b68ce0313c9ff31354d2be621079522886f556e3.tar.gz
freeipa-b68ce0313c9ff31354d2be621079522886f556e3.tar.xz
freeipa-b68ce0313c9ff31354d2be621079522886f556e3.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py
index 9bed5d823..332eea104 100644
--- a/ipalib/plugins/config.py
+++ b/ipalib/plugins/config.py
@@ -220,6 +220,9 @@ class config_mod(LDAPUpdate):
         for (attr, obj) in (('ipauserobjectclasses', 'user'),
                             ('ipagroupobjectclasses', 'group')):
             if attr in entry_attrs:
+                if not entry_attrs[attr]:
+                    raise errors.ValidationError(name=attr,
+                        error=_('May not be empty'))
                 objectclasses = list(set(entry_attrs[attr] \
                                          + self.api.Object[obj].possible_objectclasses))
                 new_allowed_attrs = ldap.get_allowed_attributes(objectclasses,
author	Rob Crittenden <rcritten@redhat.com>	2011-11-08 17:04:26 -0500
committer	Martin Kosek <mkosek@redhat.com>	2011-11-09 08:50:17 +0100
commit	b68ce0313c9ff31354d2be621079522886f556e3 (patch)
tree	2645ec8ed256b4a89506db0a9de774baaa7fc0ca /ipalib
parent	94a8bc1917fcc6571a7d9bdf7b53efea8c9d9241 (diff)
download	freeipa-b68ce0313c9ff31354d2be621079522886f556e3.tar.gz freeipa-b68ce0313c9ff31354d2be621079522886f556e3.tar.xz freeipa-b68ce0313c9ff31354d2be621079522886f556e3.zip