diff options
author | Ondrej Hamada <ohamada@redhat.com> | 2012-03-21 13:30:42 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-03-22 17:13:39 +0100 |
commit | a58cbb985ec007c0ef83010b32408efb2f4784d2 (patch) | |
tree | 729c8993d6fe32a3b3b6bbdfb00cabc71a9fb4c3 /ipaserver | |
parent | d14438405a63b2dda91d6965cf0b3111c54f6334 (diff) | |
download | freeipa-a58cbb985ec007c0ef83010b32408efb2f4784d2.tar.gz freeipa-a58cbb985ec007c0ef83010b32408efb2f4784d2.tar.xz freeipa-a58cbb985ec007c0ef83010b32408efb2f4784d2.zip |
Search allowed attributes in superior objectclasses
get_allowed_attributes function was improved to look for allowed
attributes also in the superior objectclasses of specified objectclass.
This fixes the regression caused by patch for ticket #2293. Test-case
for unit-test was also created.
https://fedorahosted.org/freeipa/ticket/2293
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/plugins/ldap2.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index dd5756735..178386c67 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -401,6 +401,9 @@ class ldap2(CrudBackend, Encoder): obj = self.schema.get_obj(_ldap.schema.ObjectClass, oc) if obj is not None: allowed_attributes += obj.must + obj.may + # look for allowed attributes in the superior objectclasses + if obj.sup: + allowed_attributes += self.get_allowed_attributes(obj.sup,raise_on_unknown) elif raise_on_unknown: raise errors.NotFound(reason=_('objectclass %s not found') % oc) return [unicode(a).lower() for a in list(set(allowed_attributes))] |