From 759ae9e2ef6ce9e4674177cb7892f0cc1c7186cd Mon Sep 17 00:00:00 2001
From: Martin Kosek <mkosek@redhat.com>
Date: Fri, 30 Sep 2011 11:04:14 +0200
Subject: Fix LDAPCreate search failure

LDAPCreate reports "search criteria was not specific enough" when LDAP
object created in LDAPCreate shares its container with other LDAP objects
and there is one with the same name and RDN attribute.

Pass objectclass to find_entry_by_attr() function used to retrieve
newly created object for POST_CALLBACK to identify correct LDAP
object.

https://fedorahosted.org/freeipa/ticket/1864
---
 ipalib/plugins/baseldap.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 11cd72cc0..20f23c2e0 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -739,8 +739,13 @@ class LDAPCreate(CallbackInterface, crud.Create):
 
         try:
             if self.obj.rdn_attribute:
+                # make sure objectclass is either set or None
+                if self.obj.object_class:
+                    object_class = self.obj.object_class
+                else:
+                    object_class = None
                 (dn, entry_attrs) = ldap.find_entry_by_attr(
-                    self.obj.primary_key.name, keys[-1], None, attrs_list,
+                    self.obj.primary_key.name, keys[-1], object_class, attrs_list,
                     self.obj.container_dn
                 )
             else:
-- 
cgit