diff options
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/config.py | 35 |
1 files changed, 20 insertions, 15 deletions
diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py index c8230e23a..d632e2edf 100644 --- a/ipalib/plugins/config.py +++ b/ipalib/plugins/config.py @@ -250,30 +250,35 @@ class config_mod(LDAPUpdate): error=_('%(obj)s default attribute %(attr)s would not be allowed!') \ % dict(obj=obj, attr=obj_attr)) - if 'ipaselinuxusermapdefault' in options and options['ipaselinuxusermapdefault'] is None: - raise errors.ValidationError(name='ipaselinuxusermapdefault', - error=_('SELinux user map default user may not be empty')) - - # Make sure the default user is in the list - if 'ipaselinuxusermapdefault' in options or \ - 'ipaselinuxusermaporder' in options: + # Combine the current entry and options into a single object to + # evaluate. This covers changes via setattr and options. + # Note: this is not done in a validator because we may be changing + # the default user and map list at the same time and we don't + # have both values in a validator. + validate = dict(options) + validate.update(entry_attrs) + if ('ipaselinuxusermapdefault' in validate or + 'ipaselinuxusermaporder' in validate): config = None - if 'ipaselinuxusermapdefault' in options: - defaultuser = options['ipaselinuxusermapdefault'] + failedattr = 'ipaselinuxusermaporder' + if 'ipaselinuxusermapdefault' in validate: + defaultuser = validate['ipaselinuxusermapdefault'] + failedattr = 'ipaselinuxusermapdefault' else: config = ldap.get_ipa_config()[1] - defaultuser = config['ipaselinuxusermapdefault'] + defaultuser = config['ipaselinuxusermapdefault'][0] - if 'ipaselinuxusermaporder' in options: - order = options['ipaselinuxusermaporder'] + if 'ipaselinuxusermaporder' in validate: + order = validate['ipaselinuxusermaporder'] + userlist = order.split('$') else: if not config: config = ldap.get_ipa_config()[1] order = config['ipaselinuxusermaporder'] - userlist = order[0].split('$') + userlist = order[0].split('$') if defaultuser not in userlist: - raise errors.ValidationError(name='ipaselinuxusermaporder', - error=_('Default SELinux user map default user not in order list')) + raise errors.ValidationError(name=failedattr, + error=_('SELinux user map default user not in order list')) return dn |