2 files changed, 25 insertions, 8 deletions
diff --git a/ipa-python/ipaclient.py b/ipa-python/ipaclient.py
index 2d4e727ae..729189997 100644
--- a/ipa-python/ipaclient.py
+++ b/ipa-python/ipaclient.py
@@ -116,14 +116,12 @@ class IPAClient:
 
         return users
 
-    def update_user(self,olduser,newuser):
-        """Update a user entry. olduser is a dict of attribute/value pairs
-           of the original entry. newuser is a dict of attribute/value pairs
-           of the new entry."""
+    def update_user(self,user):
+        """Update a user entry."""
 
         realm = config.config.get_realm()
 
-        result = self.transport.update_user(olduser,newuser)
+        result = self.transport.update_user(user.origDataDict(), user.toDict())
         return result
 
     def mark_user_deleted(self,uid):
diff --git a/ipa-python/user.py b/ipa-python/user.py
index ecbd2845c..38a634725 100644
--- a/ipa-python/user.py
+++ b/ipa-python/user.py
@@ -11,7 +11,8 @@ class User:
     In python-ldap, entries are returned as a list of 2-tuples.
     Instance variables:
     dn - string - the string DN of the entry
-    data - cidict - case insensitive dict of the attributes and values"""
+    data - cidict - case insensitive dict of the attributes and values
+    orig_data - cidict - case insentiive dict of the original attributes and values"""
 
     def __init__(self,entrydata):
         """data is the raw data returned from the python-ldap result method,
@@ -32,6 +33,8 @@ class User:
             self.dn = ''
             self.data = ldap.cidict.cidict()
 
+        self.orig_data = dict(self.data)
+
     def __nonzero__(self):
         """This allows us to do tests like if entry: returns false if there is no data,
         true otherwise"""
@@ -41,6 +44,14 @@ class User:
         """Return True if this entry has an attribute named name, False otherwise"""
         return self.data and self.data.has_key(name)
 
+    def __setattr__(self,name,value):
+        """One should use setValue() or setValues() to set values except for
+           dn and data which are special."""
+        if name != 'dn' and name != 'data' and name != 'orig_data':
+            raise KeyError, 'use setValue() or setValues()'
+        else:
+            self.__dict__[name] = value
+
     def __getattr__(self,name):
         """If name is the name of an LDAP attribute, return the first value for that
         attribute - equivalent to getValue - this allows the use of
@@ -72,9 +83,9 @@ class User:
            ent.setValue('name', ('value1', 'value2', ..., 'valueN'))
         Since *value is a tuple, we may have to extract a list or tuple from that
         tuple as in the last two examples above"""
-        if (len(value[0]) < 1):
+        if (len(value) < 1):
             return
-        if isinstance(value[0],list) or isinstance(value[0],tuple):
+        if (len(value) == 1):
             self.data[name] = value[0]
         else:
             self.data[name] = value
@@ -100,6 +111,14 @@ class User:
         """Return a list of all attributes in the entry"""
         return self.data.keys()
 
+    def origDataDict(self):
+        """Returns a dict of the original values of the user.  Used for updates."""
+        result = {}
+        for k in self.orig_data.keys():
+            result[k] = self.orig_data[k]
+        result['dn'] = self.dn
+        return result
+
 #    def __str__(self):
 #        """Convert the Entry to its LDIF representation"""
 #        return self.__repr__()