From c7789199f9541844bf8c36a85311ba957a1c1dcb Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 10 Jan 2011 14:21:45 -0500
Subject: Fix output of failed managedby hosts, allow a host to manage itself.

The output problem was a missing label for failed managedby.

This also fixes a call to print_entry that was missing the flags argument.

Add a flag to specify whether a group can be a member of itself, defaulting
to False.

ticket 708
---
 ipaserver/plugins/ldap2.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

(limited to 'ipaserver')

diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 77133aec2..a728199eb 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -802,8 +802,14 @@ class ldap2(CrudBackend, Encoder):
         except _ldap.LDAPError, e:
             _handle_errors(e, **{})
 
-    def add_entry_to_group(self, dn, group_dn, member_attr='member'):
-        """Add entry to group."""
+    def add_entry_to_group(self, dn, group_dn, member_attr='member', allow_same=False):
+        """
+        Add entry designaed by dn to group group_dn in the member attribute
+        member_attr.
+
+        Adding a group as a member of itself is not allowed unless allow_same
+        is True.
+        """
         # check if the entry exists
         (dn, entry_attrs) = self.get_entry(dn, ['objectclass'])
 
@@ -811,7 +817,7 @@ class ldap2(CrudBackend, Encoder):
         (group_dn, group_entry_attrs) = self.get_entry(group_dn, [member_attr])
 
         # check if we're not trying to add group into itself
-        if dn == group_dn:
+        if dn == group_dn and not allow_same:
             raise errors.SameGroupError()
 
         # add dn to group entry's `member_attr` attribute
-- 
cgit