From 7fc35ced1d83d9901f4a1bf59482c3c4666d6079 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Thu, 5 Dec 2013 18:18:32 +0100
Subject: permission plugin: Ensure ipapermlocation (subtree) always exists

---
 ipalib/plugins/permission.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'ipalib/plugins')

diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index da1c41d6..f3f001b7 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -623,6 +623,16 @@ class permission(baseldap.LDAPObject):
                     name='ipapermtargetfilter',
                     error=_('Bad search filter'))
 
+        # Ensure location exists
+        if entry.get('ipapermlocation'):
+            location = DN(entry.single_value['ipapermlocation'])
+            try:
+                ldap.get_entry(location, attrs_list=[])
+            except errors.NotFound:
+                raise errors.ValidationError(
+                    name='ipapermlocation',
+                    error=_('Entry %s does not exist') % location)
+
         # Ensure there's something in the ACI's filter
         needed_attrs = (
             'ipapermtarget', 'ipapermtargetfilter', 'ipapermallowedattr')
-- 
cgit