Disallow deletion of global password policy.

ticket 1936
author: Jan Cholasta <jcholast@redhat.com> 2011-10-11 14:28:17 +0200
committer: Martin Kosek <mkosek@redhat.com> 2011-10-12 10:12:59 +0200
commit: 1e56498479e15989e85777f22bd4d775023b2e73 (patch)
tree: 4d1bff2dbbed692e252a89c589c58bcde010e6d9 /ipalib
parent: 07b87aac69edab0ea4aaa79ec5b4edc7af2c382a (diff)
download: freeipa-1e56498479e15989e85777f22bd4d775023b2e73.tar.gz
freeipa-1e56498479e15989e85777f22bd4d775023b2e73.tar.xz
freeipa-1e56498479e15989e85777f22bd4d775023b2e73.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/ipalib/plugins/pwpolicy.py b/ipalib/plugins/pwpolicy.py
index 79ea44dda..f261de562 100644
--- a/ipalib/plugins/pwpolicy.py
+++ b/ipalib/plugins/pwpolicy.py
@@ -366,6 +366,14 @@ class pwpolicy_del(LDAPDelete):
             attribute=True, required=True, multivalue=True
         )
 
+    def pre_callback(self, ldap, dn, *keys, **options):
+        if dn.lower() == global_policy_dn.lower():
+            raise errors.ValidationError(
+                name='group',
+                error=_('cannot delete global password policy')
+            )
+        return dn
+
     def post_callback(self, ldap, dn, *keys, **options):
         try:
             self.api.Command.cosentry_del(keys[-1])
author	Jan Cholasta <jcholast@redhat.com>	2011-10-11 14:28:17 +0200
committer	Martin Kosek <mkosek@redhat.com>	2011-10-12 10:12:59 +0200
commit	1e56498479e15989e85777f22bd4d775023b2e73 (patch)
tree	4d1bff2dbbed692e252a89c589c58bcde010e6d9 /ipalib
parent	07b87aac69edab0ea4aaa79ec5b4edc7af2c382a (diff)
download	freeipa-1e56498479e15989e85777f22bd4d775023b2e73.tar.gz freeipa-1e56498479e15989e85777f22bd4d775023b2e73.tar.xz freeipa-1e56498479e15989e85777f22bd4d775023b2e73.zip