summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPetr Viktorin <pviktori@redhat.com>2014-05-16 13:18:36 +0200
committerPetr Viktorin <pviktori@redhat.com>2014-05-26 12:39:33 +0200
commit988b2cebf4bf6657eb50f5ecc57bd39425739b8b (patch)
tree21b2a6dba2b0baeefffa78466b8088109fd32a24
parent193ced0bd7a9a26e7b25f08b023ee21302acaac7 (diff)
downloadfreeipa-988b2cebf4bf6657eb50f5ecc57bd39425739b8b.zip
freeipa-988b2cebf4bf6657eb50f5ecc57bd39425739b8b.tar.gz
freeipa-988b2cebf4bf6657eb50f5ecc57bd39425739b8b.tar.xz
ldap2.find_entries: Do not modify attrs_list in-place
dap2.find_entries modified the passed in attrs_list to remove the virtual attributes memberindirect and memberofindirect before passing the list to LDAP. This means that a call like ldap2.get_entry(dn, attrs_list=some_framework_object.default_attributes) would permanently remove the virtual attributes from some_framework_object's definition. Create a copy of the list instead. https://fedorahosted.org/freeipa/ticket/4349 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
-rw-r--r--ipaserver/plugins/ldap2.py15
1 files changed, 9 insertions, 6 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 17bd841..03ab2db 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -186,12 +186,15 @@ class ldap2(LDAPClient, CrudBackend):
has_memberindirect = False
has_memberofindirect = False
if attrs_list:
- if 'memberindirect' in attrs_list:
- has_memberindirect = True
- attrs_list.remove('memberindirect')
- if 'memberofindirect' in attrs_list:
- has_memberofindirect = True
- attrs_list.remove('memberofindirect')
+ new_attrs_list = []
+ for attr_name in attrs_list:
+ if attr_name == 'memberindirect':
+ has_memberindirect = True
+ elif attr_name == 'memberofindirect':
+ has_memberofindirect = True
+ else:
+ new_attrs_list.append(attr_name)
+ attrs_list = new_attrs_list
res, truncated = super(ldap2, self).find_entries(
filter=filter, attrs_list=attrs_list, base_dn=base_dn, scope=scope,