Allow removing sudo commands with special characters from command groups

Previously the commands were compared as serialized strings.
Differences in serializations meant commands with special characters
weren't found in the checked list.
Use the DN class to compare DNs correctly.

https://fedorahosted.org/freeipa/ticket/2483

1 files changed, 3 insertions, 3 deletions

diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index ffe2fba8a..dd5756735 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -1091,12 +1091,12 @@ class ldap2(CrudBackend, Encoder):
         (group_dn, group_entry_attrs) = self.get_entry(group_dn, [member_attr])
 
         # remove dn from group entry's `member_attr` attribute
-        members = group_entry_attrs.get(member_attr, [])
+        members = [DN(m) for m in group_entry_attrs.get(member_attr, [])]
         try:
-            members.remove(dn.lower())
+            members.remove(DN(dn))
         except ValueError:
             raise errors.NotGroupMember()
-        group_entry_attrs[member_attr] = members
+        group_entry_attrs[member_attr] = [str(m) for m in members]
 
         # update group entry
         self.update_entry(group_dn, group_entry_attrs)