permission plugin: Ensure ipapermlocation (subtree) always exists

author: Petr Viktorin <pviktori@redhat.com> 2013-12-05 18:18:32 +0100
committer: Martin Kosek <mkosek@redhat.com> 2013-12-13 15:08:52 +0100
commit: 7fc35ced1d83d9901f4a1bf59482c3c4666d6079 (patch)
tree: 18ccbbc269fc59f6b8e88b994ba251933d583289 /ipalib/plugins
parent: 53caa7aca21b097e1ca975c1c4b4e7038558bc9b (diff)
download: freeipa-7fc35ced1d83d9901f4a1bf59482c3c4666d6079.tar.gz
freeipa-7fc35ced1d83d9901f4a1bf59482c3c4666d6079.tar.xz
freeipa-7fc35ced1d83d9901f4a1bf59482c3c4666d6079.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index da1c41d65..f3f001b74 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -623,6 +623,16 @@ class permission(baseldap.LDAPObject):
                     name='ipapermtargetfilter',
                     error=_('Bad search filter'))
 
+        # Ensure location exists
+        if entry.get('ipapermlocation'):
+            location = DN(entry.single_value['ipapermlocation'])
+            try:
+                ldap.get_entry(location, attrs_list=[])
+            except errors.NotFound:
+                raise errors.ValidationError(
+                    name='ipapermlocation',
+                    error=_('Entry %s does not exist') % location)
+
         # Ensure there's something in the ACI's filter
         needed_attrs = (
             'ipapermtarget', 'ipapermtargetfilter', 'ipapermallowedattr')
author	Petr Viktorin <pviktori@redhat.com>	2013-12-05 18:18:32 +0100
committer	Martin Kosek <mkosek@redhat.com>	2013-12-13 15:08:52 +0100
commit	7fc35ced1d83d9901f4a1bf59482c3c4666d6079 (patch)
tree	18ccbbc269fc59f6b8e88b994ba251933d583289 /ipalib/plugins
parent	53caa7aca21b097e1ca975c1c4b4e7038558bc9b (diff)
download	freeipa-7fc35ced1d83d9901f4a1bf59482c3c4666d6079.tar.gz freeipa-7fc35ced1d83d9901f4a1bf59482c3c4666d6079.tar.xz freeipa-7fc35ced1d83d9901f4a1bf59482c3c4666d6079.zip