author | Petr Viktorin <pviktori@redhat.com> | 2014-02-19 14:18:58 +0100 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-02-20 12:33:36 +0100 |
commit | 0824d12c95d840b1787743e8316b0bc0f7ba5284 (patch) | |
tree | 828f424a9621de4bc9924181339c7480879fcef4 | |
parent | 340cbd4a7d2fc31ae20843477156a2948529a41e (diff) | |
permission-mod: Do not copy member attributes to new entry
Fixes: https://fedorahosted.org/freeipa/ticket/4178
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
-rw-r--r-- | ipalib/plugins/permission.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index d003bcabb..deb069d3a 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -883,7 +883,9 @@ class permission_mod(baseldap.LDAPUpdate):
 # it cannot be used directly to generate an ACI.
 # First we need to copy the original data into it.
 for key, value in old_entry.iteritems():
- if key not in options and key != 'cn':
+ if (key not in options and
+ key != 'cn' and
+ key not in self.obj.attribute_members):
 entry.setdefault(key, value)
 if not entry.get('ipapermlocation'): |
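Review bot: The added `key not in self.obj.attribute_members` test in the copy loop looks like an exact-string comparison, while LDAP attribute names are case-insensitive. If `old_entry` can yield a key spelled differently from the names in `attribute_members`, a membership attribute would still be copied into the new entry by `entry.setdefault(key, value)`; the types are not visible here, so this may already be normalized upstream. Because the surrounding comment says this entry is used to generate the ACI, consider a case-insensitive check such as `key.lower() not in (m.lower() for m in self.obj.attribute_members)`, or a comment such as `# old_entry keys are already normalized to the attribute_members spelling` if that holds. The diffstat shows only permission.py changed, so a regression test for the ticket that modifies a permission which already has members would also be worth adding. The enclosing method starts and ends outside the hunk.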