From 3e3cc55d24e2bfc4fec80d5e10ce4f3646d7c08c Mon Sep 17 00:00:00 2001
From: Jan Zeleny <jzeleny@redhat.com>
Date: Mon, 24 Jan 2011 03:24:05 -0500
Subject: Disable renaming to empty string

So far it was possible to rename any object using LDAPUpdate to a name
with empty primary key. Since this can cause nasty problems, this patch
disables empty string in --rename argument.

https://fedorahosted.org/freeipa/ticket/827
---
 ipalib/plugins/baseldap.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 27e543d03..b20d96012 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -800,6 +800,8 @@ class LDAPUpdate(LDAPQuery, crud.Update):
         rdnupdate = False
         try:
             if self.obj.rdnattr and 'rename' in options:
+                if not options['rename']:
+                    raise errors.ValidationError(name='rename', error=u'can\'t be empty')
                 entry_attrs[self.obj.rdnattr] = options['rename']
 
             if self.obj.rdnattr and self.obj.rdnattr in entry_attrs:
-- 
cgit