diff options
author | Nathaniel McCallum <npmccallum@redhat.com> | 2014-02-10 12:07:51 -0500 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-02-13 19:43:29 +0100 |
commit | a2ae2918dd3dce00c4d5b7aa61d6f5ba08b5e97f (patch) | |
tree | a93a32283551312afb55e37dd93306afc91c7de2 /ipalib | |
parent | 9cf311db1d056e7a4a53490932dd4d1f8e4bd26c (diff) | |
download | freeipa.git-a2ae2918dd3dce00c4d5b7aa61d6f5ba08b5e97f.tar.gz freeipa.git-a2ae2918dd3dce00c4d5b7aa61d6f5ba08b5e97f.tar.xz freeipa.git-a2ae2918dd3dce00c4d5b7aa61d6f5ba08b5e97f.zip |
Fix generation of invalid OTP URIs
https://fedorahosted.org/freeipa/ticket/4169
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/otptoken.py | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/ipalib/plugins/otptoken.py b/ipalib/plugins/otptoken.py index 7462ca9f..a85a6431 100644 --- a/ipalib/plugins/otptoken.py +++ b/ipalib/plugins/otptoken.py @@ -202,6 +202,15 @@ class otptoken_add(LDAPCreate): ) def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): + # These are values we always want to write to LDAP. So if they are + # specified as a value that evaluates to False (i.e. None), delete them + # and fill in the defaults below. + for attr in ('ipatokentotpclockoffset', 'ipatokentotptimestep', + 'ipatokenotpalgorithm', 'ipatokenotpdigits', + 'ipatokenotpkey'): + if attr in entry_attrs and not entry_attrs[attr]: + del entry_attrs[attr] + # Set defaults. This needs to happen on the server side because we may # have global configurable defaults in the near future. options.setdefault('type', TOKEN_TYPES[0]) |