diff options
-rw-r--r-- | ipalib/plugins/baseldap.py | 4 | ||||
-rw-r--r-- | ipaserver/plugins/ldap2.py | 6 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_sudocmdgroup_plugin.py | 72 |
3 files changed, 77 insertions, 5 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index c0f25479a..cf5d8d20e 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -1583,8 +1583,8 @@ class LDAPRemoveMember(LDAPModMember): completed = 0 for (attr, objs) in member_dns.iteritems(): - for ldap_obj_name in objs: - for m_dn in member_dns[attr][ldap_obj_name]: + for ldap_obj_name, m_dns in objs.iteritems(): + for m_dn in m_dns: if not m_dn: continue try: diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index ffe2fba8a..dd5756735 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -1091,12 +1091,12 @@ class ldap2(CrudBackend, Encoder): (group_dn, group_entry_attrs) = self.get_entry(group_dn, [member_attr]) # remove dn from group entry's `member_attr` attribute - members = group_entry_attrs.get(member_attr, []) + members = [DN(m) for m in group_entry_attrs.get(member_attr, [])] try: - members.remove(dn.lower()) + members.remove(DN(dn)) except ValueError: raise errors.NotGroupMember() - group_entry_attrs[member_attr] = members + group_entry_attrs[member_attr] = [str(m) for m in members] # update group entry self.update_entry(group_dn, group_entry_attrs) diff --git a/tests/test_xmlrpc/test_sudocmdgroup_plugin.py b/tests/test_xmlrpc/test_sudocmdgroup_plugin.py index 8a534b2bf..9f2bf3336 100644 --- a/tests/test_xmlrpc/test_sudocmdgroup_plugin.py +++ b/tests/test_xmlrpc/test_sudocmdgroup_plugin.py @@ -28,12 +28,36 @@ from ipalib.dn import * sudocmdgroup1 = u'testsudocmdgroup1' sudocmdgroup2 = u'testsudocmdgroup2' sudocmd1 = u'/usr/bin/sudotestcmd1' +sudocmd_plus = u'/bin/ls -l /lost+found/*' + +def create_command(sudocmd): + return dict( + desc='Create %r' % sudocmd, + command=( + 'sudocmd_add', [], dict(sudocmd=sudocmd, + description=u'Test sudo command') + ), + expected=dict( + value=sudocmd, + summary=u'Added Sudo Command "%s"' % sudocmd, + result=dict( + objectclass=objectclasses.sudocmd, + sudocmd=[sudocmd], + ipauniqueid=[fuzzy_uuid], + description=[u'Test sudo command'], + dn=lambda x: DN(x) == \ + DN(('sudocmd',sudocmd),('cn','sudocmds'),('cn','sudo'), + api.env.basedn), + ), + ), + ) class test_sudocmdgroup(Declarative): cleanup_commands = [ ('sudocmdgroup_del', [sudocmdgroup1], {}), ('sudocmdgroup_del', [sudocmdgroup2], {}), ('sudocmd_del', [sudocmd1], {}), + ('sudocmd_del', [sudocmd_plus], {}), ] tests = [ @@ -473,6 +497,54 @@ class test_sudocmdgroup(Declarative): ), ), + ################ + # test a command that needs DN escaping: + create_command(sudocmd_plus), + + dict( + desc='Add %r to %r' % (sudocmd_plus, sudocmdgroup1), + command=('sudocmdgroup_add_member', [sudocmdgroup1], + dict(sudocmd=sudocmd_plus) + ), + expected=dict( + completed=1, + failed=dict( + member=dict( + sudocmd=tuple(), + ), + ), + result={ + 'dn': lambda x: DN(x) == \ + DN(('cn',sudocmdgroup1),('cn','sudocmdgroups'), + ('cn','sudo'),api.env.basedn), + 'member_sudocmd': (sudocmd_plus,), + 'cn': [sudocmdgroup1], + 'description': [u'New desc 1'], + }, + ), + ), + + dict( + desc='Remove %r from %r' % (sudocmd_plus, sudocmdgroup1), + command=('sudocmdgroup_remove_member', [sudocmdgroup1], + dict(sudocmd=sudocmd_plus) + ), + expected=dict( + completed=1, + failed=dict( + member=dict( + sudocmd=tuple(), + ), + ), + result={ + 'dn': lambda x: DN(x) == \ + DN(('cn',sudocmdgroup1),('cn','sudocmdgroups'), + ('cn','sudo'),api.env.basedn), + 'cn': [sudocmdgroup1], + 'description': [u'New desc 1'], + }, + ), + ), ################ # delete sudocmdgroup1: |