diff options
-rw-r--r-- | ipalib/plugins/group.py | 2 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_group_plugin.py | 15 |
2 files changed, 16 insertions, 1 deletions
diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py index 19404c6fa..4994dacb3 100644 --- a/ipalib/plugins/group.py +++ b/ipalib/plugins/group.py @@ -265,7 +265,7 @@ class group_mod(LDAPUpdate): is_protected_group = keys[-1] in PROTECTED_GROUPS - if 'rename' in options: + if 'rename' in options or 'cn' in entry_attrs: if is_protected_group: raise errors.ProtectedEntryError(label=u'group', key=keys[-1], reason=u'Cannot be renamed') diff --git a/tests/test_xmlrpc/test_group_plugin.py b/tests/test_xmlrpc/test_group_plugin.py index a74a5e4c3..2d6d2014a 100644 --- a/tests/test_xmlrpc/test_group_plugin.py +++ b/tests/test_xmlrpc/test_group_plugin.py @@ -879,6 +879,13 @@ class test_group(Declarative): ), dict( + desc='Try to rename the admins group via setattr', + command=('group_mod', [u'admins'], {'setattr': u'cn=loosers'}), + expected=errors.ProtectedEntryError(label=u'group', + key='admins', reason='Cannot be renamed'), + ), + + dict( desc='Try to modify the admins group to support external membership', command=('group_mod', [u'admins'], dict(external=True)), expected=errors.ProtectedEntryError(label=u'group', @@ -900,6 +907,14 @@ class test_group(Declarative): ), dict( + desc='Try to rename the trust admins group via setattr', + command=('group_mod', [u'trust admins'], {'setattr': u'cn=loosers'}), + expected=errors.ProtectedEntryError(label=u'group', + key='trust admins', reason='Cannot be renamed'), + ), + + + dict( desc='Try to modify the trust admins group to support external membership', command=('group_mod', [u'trust admins'], dict(external=True)), expected=errors.ProtectedEntryError(label=u'group', |