diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2010-12-17 16:57:28 -0500 |
|---|---|---|
| committer | Simo Sorce <ssorce@redhat.com> | 2010-12-17 18:04:37 -0500 |
| commit | 34534a026f39e5c5c139d23ab70db72009789e5b (patch) | |
| tree | 7e64d9a94bd2a6c5ac54e54f46e600b539727212 /ipalib/plugins | |
| parent | 7035ffe49ca8456a1efc155c9cb22ec01a881ba2 (diff) | |
| download | freeipa-34534a026f39e5c5c139d23ab70db72009789e5b.tar.gz freeipa-34534a026f39e5c5c139d23ab70db72009789e5b.tar.xz freeipa-34534a026f39e5c5c139d23ab70db72009789e5b.zip | |
Don't use camel-case LDAP attributes in ACI and don't clear enrolledBy
We keep LDAP attributes lower-case elsewhere in the API we should do the
same with all access controls.
There were two ACIs pointing at the manage_host_keytab permission. This
isn't allowed in general and we have decided separately to not clear out
enrolledBy when a host is unenrolled so dropping it is the obvious thing
to do.
ticket 597
Diffstat (limited to 'ipalib/plugins')
| -rw-r--r-- | ipalib/plugins/delegation.py | 1 | ||||
| -rw-r--r-- | ipalib/plugins/host.py | 1 | ||||
| -rw-r--r-- | ipalib/plugins/permission.py | 1 | ||||
| -rw-r--r-- | ipalib/plugins/selfservice.py | 1 |
4 files changed, 3 insertions, 1 deletions
diff --git a/ipalib/plugins/delegation.py b/ipalib/plugins/delegation.py index b9fc7f146..c233784d1 100644 --- a/ipalib/plugins/delegation.py +++ b/ipalib/plugins/delegation.py @@ -108,6 +108,7 @@ class delegation(Object): cli_name='attrs', label=_('Attributes'), doc=_('Comma-separated list of attributes'), + normalizer=lambda value: value.lower(), ), Str('memberof', cli_name='membergroup', diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py index 22cd424ed..91aa65154 100644 --- a/ipalib/plugins/host.py +++ b/ipalib/plugins/host.py @@ -686,7 +686,6 @@ class host_disable(LDAPQuery): if 'krblastpwdchange' in entry_attrs: ldap.remove_principal_key(dn) - api.Command['host_mod'](fqdn=keys[-1], setattr=u'enrolledby=') done_work = True if not done_work: diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index 058a2cd3e..3734ae2c2 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -115,6 +115,7 @@ class permission(LDAPObject): cli_name='attrs', label=_('Attributes'), doc=_('Comma-separated list of attributes'), + normalizer=lambda value: value.lower(), ), StrEnum('type?', cli_name='type', diff --git a/ipalib/plugins/selfservice.py b/ipalib/plugins/selfservice.py index 63c40f681..cedcf9b0d 100644 --- a/ipalib/plugins/selfservice.py +++ b/ipalib/plugins/selfservice.py @@ -89,6 +89,7 @@ class selfservice(Object): cli_name='attrs', label=_('Attributes'), doc=_('Comma-separated list of attributes'), + normalizer=lambda value: value.lower(), ), ) |