From d9627ab1651f4ab00c3734cc5bd69b051f79f92b Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 5 Jul 2011 13:36:48 -0400
Subject: find_entry_by_attr() should fail if multiple entries are found

It will only ever return one entry so if more than one are found
then we raise an exception. This is most easily seen in the host
plugin where we search on the server shortname which can be the
same across sub-domains (e.g. foo.example.com &
foo.lab.example.com).

https://fedorahosted.org/freeipa/ticket/1388
---
 ipaserver/plugins/ldap2.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'ipaserver')

diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 5d6d21d43..6f34984ca 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -620,7 +620,12 @@ class ldap2(CrudBackend, Encoder):
         """
         search_kw = {attr: value, 'objectClass': object_class}
         filter = self.make_filter(search_kw, rules=self.MATCH_ALL)
-        return self.find_entries(filter, attrs_list, base_dn)[0][0]
+        (entries, truncated) = self.find_entries(filter, attrs_list, base_dn)
+
+        if len(entries) > 1:
+            raise errors.SingleMatchExpected(found=len(entries))
+        else:
+            return entries[0]
 
     def get_entry(self, dn, attrs_list=None, time_limit=None,
                   size_limit=None, normalize=True):
-- 
cgit