From 86fe47b87df4e503e9d1d4c6cf6be62b5cbab685 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 15 Feb 2011 15:04:40 -0500
Subject: Don't allow host cn to be changed (it isn't used anyway).

We are required by LDAP schema to have a cn value. Don't let
users change it thinking they are actually doing something.

tickets 706 and 707
---
 ipalib/plugins/host.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index 300f4b8b3..73bad5f88 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -533,6 +533,8 @@ class host_mod(LDAPUpdate):
 
     def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
         # Once a principal name is set it cannot be changed
+        if 'cn' in entry_attrs:
+            raise errors.ACIError(info='cn is immutable')
         if 'locality' in entry_attrs:
             entry_attrs['l'] = entry_attrs['locality']
             del entry_attrs['locality']
-- 
cgit