summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ipalib/plugins/user.py8
1 files changed, 8 insertions, 0 deletions
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 70cece620..f5eea38b4 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -63,6 +63,12 @@ from ipalib import _, ngettext
from ipalib.request import context
from time import gmtime, strftime
+def validate_nsaccountlock(entry_attrs):
+ if 'nsaccountlock' in entry_attrs:
+ if not isinstance(entry_attrs['nsaccountlock'], basestring):
+ raise errors.OnlyOneValueAllowed(attr='nsaccountlock')
+ if entry_attrs['nsaccountlock'].lower() not in ('true','false'):
+ raise errors.ValidationError(name='nsaccountlock', error='must be TRUE or FALSE')
class user(LDAPObject):
"""
@@ -258,6 +264,7 @@ class user_add(LDAPCreate):
raise errors.ManagedGroupExistsError(group=keys[-1])
except errors.NotFound:
pass
+ validate_nsaccountlock(entry_attrs)
config = ldap.get_ipa_config()[1]
if 'ipamaxusernamelength' in config:
if len(keys[-1]) > int(config.get('ipamaxusernamelength')[0]):
@@ -335,6 +342,7 @@ class user_mod(LDAPUpdate):
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
if 'mail' in entry_attrs:
entry_attrs['mail'] = self.obj._normalize_email(entry_attrs['mail'])
+ validate_nsaccountlock(entry_attrs)
return dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):