author | Rob Crittenden <rcritten@redhat.com> | 2010-10-26 14:31:00 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2010-10-28 17:36:05 -0400 |
commit | 7486ead6c910d13ae4d7cbae6fae738ce2bf47eb (patch) | |
tree | 32ce7ca9a1407e5506e965f1c85b8b9b07047b18 /ipalib/plugins/pwpolicy.py | |
parent | c1dfb50ee9be266e3448ad53acd8a6464938c604 (diff) | |
Don't allow managed groups to have group password policy.
UPG cannot have members and we use memberOf in class of service to determine
which policy to apply.
ticket 160
Diffstat (limited to 'ipalib/plugins/pwpolicy.py')
-rw-r--r-- | ipalib/plugins/pwpolicy.py | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/ipalib/plugins/pwpolicy.py b/ipalib/plugins/pwpolicy.py
index 5e81631f..89347361 100644
--- a/ipalib/plugins/pwpolicy.py
+++ b/ipalib/plugins/pwpolicy.py
@@ -115,7 +115,10 @@ class cosentry_add(LDAPCreate):
 def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
 # check for existence of the group
- self.api.Command.group_show(keys[-1])
+ result = self.api.Command.group_show(keys[-1], all=True)['result']
+ oc = map(lambda x:x.lower(),result['objectclass'])
+ if 'mepmanagedentry' in oc:
+ raise errors.ManagedPolicyError()
 self.obj.check_priority_uniqueness(*keys, **options)
 del entry_attrs['cn']
 return dn |
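Review bot: The comment `# check for existence of the group` at the top of `pre_callback` now understates what the following lines do, and the reason for rejecting managed groups is recorded only in the commit message; I would replace it with `# group must exist and must not be a managed (user-private) group: UPGs have no members, and CoS selects the policy via memberOf`. The `map(lambda x:x.lower(),result['objectclass'])` line would read more plainly as `oc = [x.lower() for x in result['objectclass']]`, which also stays a list on any Python version. The guard runs only when a CoS entry is created through this command, so a group that becomes managed afterwards, or an entry written directly to LDAP, is presumably not covered here; it is worth confirming that this is acceptable. The `cosentry_add` class begins outside the hunk, and the definition of `errors.ManagedPolicyError` is not visible in this file's diff.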