diff options
author | Petr Spacek <pspacek@redhat.com> | 2016-08-22 10:14:20 +0200 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-08-22 17:53:31 +0200 |
commit | 3ac2709f4b026e7c7153777f7472c383fe99a175 (patch) | |
tree | a537ad94182480850208caa6b58a54965e3ac7af /ipaserver/plugins/config.py | |
parent | c9419411c95baa67a5bf61fad0adc239e289e4dc (diff) | |
download | freeipa-3ac2709f4b026e7c7153777f7472c383fe99a175.tar.gz freeipa-3ac2709f4b026e7c7153777f7472c383fe99a175.tar.xz freeipa-3ac2709f4b026e7c7153777f7472c383fe99a175.zip |
config-mod: normalize attribute names for --usersearch/--groupsearch
https://fedorahosted.org/freeipa/ticket/6236
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'ipaserver/plugins/config.py')
-rw-r--r-- | ipaserver/plugins/config.py | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/ipaserver/plugins/config.py b/ipaserver/plugins/config.py index a9e811ecd..95bbb49cc 100644 --- a/ipaserver/plugins/config.py +++ b/ipaserver/plugins/config.py @@ -288,14 +288,18 @@ class config_mod(LDAPUpdate): config = ldap.get_ipa_config(list(kw.values())) for (k, v) in kw.items(): allowed_attrs = ldap.get_allowed_attributes(config[v]) - fields = entry_attrs[k].split(',') - for a in fields: - a = a.strip() + # normalize attribute names + attributes = [field.strip().lower() + for field in entry_attrs[k].split(',')] + # test if all base types (without sub-types) are allowed + for a in attributes: a, tomato, olive = a.partition(';') if a not in allowed_attrs: raise errors.ValidationError( name=k, error=_('attribute "%s" not allowed') % a ) + # write normalized form to LDAP + entry_attrs[k] = ','.join(attributes) # Set ipasearchrecordslimit to -1 if 0 is used if 'ipasearchrecordslimit' in entry_attrs: |