From 34534a026f39e5c5c139d23ab70db72009789e5b Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 17 Dec 2010 16:57:28 -0500
Subject: Don't use camel-case LDAP attributes in ACI and don't clear
 enrolledBy

We keep LDAP attributes lower-case elsewhere in the API we should do the
same with all access controls.

There were two ACIs pointing at the manage_host_keytab permission. This
isn't allowed in general and we have decided separately to not clear out
enrolledBy when a host is unenrolled so dropping it is the obvious thing
to do.

ticket 597
---
 ipalib/plugins/host.py | 1 -
 1 file changed, 1 deletion(-)

(limited to 'ipalib/plugins/host.py')

diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index 22cd424e..91aa6515 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -686,7 +686,6 @@ class host_disable(LDAPQuery):
 
         if 'krblastpwdchange' in entry_attrs:
             ldap.remove_principal_key(dn)
-            api.Command['host_mod'](fqdn=keys[-1], setattr=u'enrolledby=')
             done_work = True
 
         if not done_work:
-- 
cgit