authorPetr Viktorin <pviktori@redhat.com>2014-04-11 12:09:32 +0200
committerPetr Viktorin <pviktori@redhat.com>2014-04-17 10:04:16 +0200
commit81b0e7466d739a61b16c0e79c660a9f85d073c8c (patch)
tree8f611dc93f0ad13e6ff04d02640b9516e89a1b74
parentadde918f38a7df8f72e5293d1d0c5a5637b7e5a8 (diff)
Do not ask for memberindirect when updating managed permissions
One of the default_attributes of permission is memberofindirect, a virtual attribute manufactured by ldap2, which is set when a permission is part of a role. When update_entry is called on an entry with memberofindirect, ipaldap tries to add the attribute to LDAP and fails with an objectclass violation. Do not ask for memberindirect when retrieving the entry. Reviewed-By: Martin Kosek <mkosek@redhat.com>
-rw-r--r--ipaserver/install/plugins/update_managed_permissions.py3
1 files changed, 2 insertions, 1 deletions
diff --git a/ipaserver/install/plugins/update_managed_permissions.py b/ipaserver/install/plugins/update_managed_permissions.py
index efd87d0d1..3bba1f06e 100644
--- a/ipaserver/install/plugins/update_managed_permissions.py
+++ b/ipaserver/install/plugins/update_managed_permissions.py
@@ -133,7 +133,8 @@ class update_managed_permissions(PostUpdate):
dn = self.api.Object[permission].get_dn(name)
try:
- attrs_list = self.api.Object[permission].default_attributes
+ attrs_list = list(self.api.Object[permission].default_attributes)
+ attrs_list.remove('memberindirect')
entry = ldap.get_entry(dn, attrs_list)
is_new = False
except errors.NotFound:
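Review bot: `attrs_list.remove('memberindirect')` raises ValueError if that name is ever absent from `default_attributes`, and the visible `try` handles only `errors.NotFound`. The rest of the `try` statement and the enclosing method lie outside the hunk, but as shown the exception would presumably propagate and stop the updater before the managed permission is written. Filtering avoids that and also drops any duplicate entry: `attrs_list = [a for a in self.api.Object[permission].default_attributes if a != 'memberindirect']`. A one-line comment such as `# memberindirect is a virtual attribute; writing it back through update_entry fails` would keep a later cleanup from reverting the copy-and-strip.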