From c0879cd00b17b61de54b52cb24a61ce85374cae4 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Tue, 11 Oct 2011 14:28:17 +0200
Subject: Disallow deletion of global password policy.

ticket 1936
---
 ipalib/plugins/pwpolicy.py | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'ipalib/plugins')

diff --git a/ipalib/plugins/pwpolicy.py b/ipalib/plugins/pwpolicy.py
index 79ea44dda..f261de562 100644
--- a/ipalib/plugins/pwpolicy.py
+++ b/ipalib/plugins/pwpolicy.py
@@ -366,6 +366,14 @@ class pwpolicy_del(LDAPDelete):
             attribute=True, required=True, multivalue=True
         )
 
+    def pre_callback(self, ldap, dn, *keys, **options):
+        if dn.lower() == global_policy_dn.lower():
+            raise errors.ValidationError(
+                name='group',
+                error=_('cannot delete global password policy')
+            )
+        return dn
+
     def post_callback(self, ldap, dn, *keys, **options):
         try:
             self.api.Command.cosentry_del(keys[-1])
-- 
cgit