From 5ba8eeb970a8a72ec189e80e369bb7f70091e409 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mkosek@redhat.com>
Date: Mon, 9 Jul 2012 14:27:07 +0200
Subject: Do not change LDAPObject objectclass list

__json__ method of LDAPObject may inadvertently append a list of possible
objectclasses to a list of basic objectclasses and thus change a behavior
of all subsequent LDAPSearch command. The command may only return objects
where all "possible" objectclasses are present and thus returning an
incomplete list.

Make sure that the LDAPObject object_class list is not modified during
the __json__ method.

https://fedorahosted.org/freeipa/ticket/2906
---
 ipalib/plugins/baseldap.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'ipalib/plugins/baseldap.py')

diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index b841435f..6a37995c 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -635,7 +635,7 @@ class LDAPObject(Object):
             objectclasses = config.get(
                 self.object_class_config, objectclasses
             )
-        objectclasses += self.possible_objectclasses
+        objectclasses = objectclasses + self.possible_objectclasses
         # Get list of available attributes for this object for use
         # in the ACI UI.
         attrs = self.api.Backend.ldap2.schema.attribute_types(objectclasses)
-- 
cgit