diff options
author | Tomas Babej <tbabej@redhat.com> | 2013-02-20 10:50:36 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-02-26 09:34:38 +0100 |
commit | 6540a25979b1c5dc87c2bacee9b96a5be8150a5e (patch) | |
tree | 0347f9831f99334eabb5167d446bb08569aed8e0 | |
parent | 3ba19a3d46e31325ee3e39040cd665c7c4536031 (diff) | |
download | freeipa.git-6540a25979b1c5dc87c2bacee9b96a5be8150a5e.tar.gz freeipa.git-6540a25979b1c5dc87c2bacee9b96a5be8150a5e.tar.xz freeipa.git-6540a25979b1c5dc87c2bacee9b96a5be8150a5e.zip |
Add trusted domain range objectclass when using idrange-mod
When modifing the idrange, one was able to add ipa NT trusted
AD domain sid without objectclass ipatrustedaddomainrange being
added. This patch fixes the issue.
-rw-r--r-- | ipalib/plugins/idrange.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py index d32146fe..d8989327 100644 --- a/ipalib/plugins/idrange.py +++ b/ipalib/plugins/idrange.py @@ -533,6 +533,11 @@ class idrange_mod(LDAPUpdate): # perform this check only if the attribute was changed self.obj.validate_trusted_domain_sid( entry_attrs['ipanttrusteddomainsid']) + + # Add trusted AD domain range object class, if it wasn't there + if not 'ipatrustedaddomainrange' in old_attrs['objectclass']: + entry_attrs['objectclass'].append('ipatrustedaddomainrange') + else: # secondary base rid must be set if and only if base rid is set if in_updated_attrs('ipasecondarybaserid') !=\ |