From 34534a026f39e5c5c139d23ab70db72009789e5b Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 17 Dec 2010 16:57:28 -0500
Subject: Don't use camel-case LDAP attributes in ACI and don't clear
 enrolledBy

We keep LDAP attributes lower-case elsewhere in the API we should do the
same with all access controls.

There were two ACIs pointing at the manage_host_keytab permission. This
isn't allowed in general and we have decided separately to not clear out
enrolledBy when a host is unenrolled so dropping it is the obvious thing
to do.

ticket 597
---
 ipalib/plugins/delegation.py  | 1 +
 ipalib/plugins/host.py        | 1 -
 ipalib/plugins/permission.py  | 1 +
 ipalib/plugins/selfservice.py | 1 +
 4 files changed, 3 insertions(+), 1 deletion(-)

(limited to 'ipalib/plugins')

diff --git a/ipalib/plugins/delegation.py b/ipalib/plugins/delegation.py
index b9fc7f14..c233784d 100644
--- a/ipalib/plugins/delegation.py
+++ b/ipalib/plugins/delegation.py
@@ -108,6 +108,7 @@ class delegation(Object):
             cli_name='attrs',
             label=_('Attributes'),
             doc=_('Comma-separated list of attributes'),
+            normalizer=lambda value: value.lower(),
         ),
         Str('memberof',
             cli_name='membergroup',
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index 22cd424e..91aa6515 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -686,7 +686,6 @@ class host_disable(LDAPQuery):
 
         if 'krblastpwdchange' in entry_attrs:
             ldap.remove_principal_key(dn)
-            api.Command['host_mod'](fqdn=keys[-1], setattr=u'enrolledby=')
             done_work = True
 
         if not done_work:
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 058a2cd3..3734ae2c 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -115,6 +115,7 @@ class permission(LDAPObject):
             cli_name='attrs',
             label=_('Attributes'),
             doc=_('Comma-separated list of attributes'),
+            normalizer=lambda value: value.lower(),
         ),
         StrEnum('type?',
             cli_name='type',
diff --git a/ipalib/plugins/selfservice.py b/ipalib/plugins/selfservice.py
index 63c40f68..cedcf9b0 100644
--- a/ipalib/plugins/selfservice.py
+++ b/ipalib/plugins/selfservice.py
@@ -89,6 +89,7 @@ class selfservice(Object):
             cli_name='attrs',
             label=_('Attributes'),
             doc=_('Comma-separated list of attributes'),
+            normalizer=lambda value: value.lower(),
         ),
     )
 
-- 
cgit