From 3d55b66e48466bf190f85d78d15c040d27bc136d Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 11 Oct 2010 11:16:52 -0400
Subject: Enforce the maximum username length from cn=ipaconfig

ticket 226
---
 ipalib/plugins/user.py | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'ipalib/plugins/user.py')

diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index a6e6b5d2..4bbb86c9 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -178,6 +178,9 @@ class user_add(LDAPCreate):
 
     def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
         config = ldap.get_ipa_config()[1]
+        if 'ipamaxusernamelength' in config:
+            if len(keys[-1]) > int(config.get('ipamaxusernamelength')[0]):
+                raise errors.ValidationError(name='uid', error=_('can be at most %(len)d characters' % dict(len = int(config.get('ipamaxusernamelength')[0]))))
         entry_attrs.setdefault('loginshell', config.get('ipadefaultloginshell'))
         # hack so we can request separate first and last name in CLI
         full_name = '%s %s' % (entry_attrs['givenname'], entry_attrs['sn'])
-- 
cgit