diff options
author | Tomas Babej <tbabej@redhat.com> | 2013-02-20 10:50:36 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-02-26 09:32:30 +0100 |
commit | 68ffb4af2f9b1000492363c4979d049077ada893 (patch) | |
tree | b4bf7834ab6af977bb429d92d9c17b8a60ffa895 /ipalib | |
parent | 4ba2700de494f59cdb4993cba5f259c8d2894d1e (diff) | |
download | freeipa-68ffb4af2f9b1000492363c4979d049077ada893.tar.gz freeipa-68ffb4af2f9b1000492363c4979d049077ada893.tar.xz freeipa-68ffb4af2f9b1000492363c4979d049077ada893.zip |
Add trusted domain range objectclass when using idrange-mod
When modifing the idrange, one was able to add ipa NT trusted
AD domain sid without objectclass ipatrustedaddomainrange being
added. This patch fixes the issue.
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/idrange.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py index d32146fe0..d8989327a 100644 --- a/ipalib/plugins/idrange.py +++ b/ipalib/plugins/idrange.py @@ -533,6 +533,11 @@ class idrange_mod(LDAPUpdate): # perform this check only if the attribute was changed self.obj.validate_trusted_domain_sid( entry_attrs['ipanttrusteddomainsid']) + + # Add trusted AD domain range object class, if it wasn't there + if not 'ipatrustedaddomainrange' in old_attrs['objectclass']: + entry_attrs['objectclass'].append('ipatrustedaddomainrange') + else: # secondary base rid must be set if and only if base rid is set if in_updated_attrs('ipasecondarybaserid') !=\ |