diff options
author | Jan Cholasta <jcholast@redhat.com> | 2011-10-11 14:28:17 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2011-10-12 10:12:59 +0200 |
commit | 1e56498479e15989e85777f22bd4d775023b2e73 (patch) | |
tree | 4d1bff2dbbed692e252a89c589c58bcde010e6d9 /ipalib | |
parent | 07b87aac69edab0ea4aaa79ec5b4edc7af2c382a (diff) | |
download | freeipa-1e56498479e15989e85777f22bd4d775023b2e73.tar.gz freeipa-1e56498479e15989e85777f22bd4d775023b2e73.tar.xz freeipa-1e56498479e15989e85777f22bd4d775023b2e73.zip |
Disallow deletion of global password policy.
ticket 1936
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/pwpolicy.py | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/ipalib/plugins/pwpolicy.py b/ipalib/plugins/pwpolicy.py index 79ea44dda..f261de562 100644 --- a/ipalib/plugins/pwpolicy.py +++ b/ipalib/plugins/pwpolicy.py @@ -366,6 +366,14 @@ class pwpolicy_del(LDAPDelete): attribute=True, required=True, multivalue=True ) + def pre_callback(self, ldap, dn, *keys, **options): + if dn.lower() == global_policy_dn.lower(): + raise errors.ValidationError( + name='group', + error=_('cannot delete global password policy') + ) + return dn + def post_callback(self, ldap, dn, *keys, **options): try: self.api.Command.cosentry_del(keys[-1]) |