author | Pavel Zuna <pzuna@redhat.com> | 2011-01-25 15:25:52 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-01-26 11:39:02 -0500 |
commit | 3dae8f18a67185c08dfa52d2e8f7cfcf9b5661b1 (patch) | |
tree | 4a75151e84247dbd986bf6c674523e5f14349411 /ipalib/plugins/config.py | |
parent | c9ab92f21076c3a97cb2b945cee7c585afc830d0 (diff) | |
download | freeipa-3dae8f18a67185c08dfa52d2e8f7cfcf9b5661b1.tar.gz freeipa-3dae8f18a67185c08dfa52d2e8f7cfcf9b5661b1.tar.xz freeipa-3dae8f18a67185c08dfa52d2e8f7cfcf9b5661b1.zip |
Raise ValidationError when adding unallowed attribute to search fields.
Ticket #845
Diffstat (limited to 'ipalib/plugins/config.py')
-rw-r--r-- | ipalib/plugins/config.py | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py
index 438f66385..390542d13 100644
--- a/ipalib/plugins/config.py
+++ b/ipalib/plugins/config.py
@@ -195,6 +195,22 @@ class config_mod(LDAPUpdate):
 api.Command['group_show'](group)
 except errors.NotFound:
 raise errors.NotFound(message=unicode("The group doesn't exist"))
+ kw = {}
+ if 'ipausersearchfields' in entry_attrs:
+ kw['ipausersearchfields'] = 'ipauserobjectclasses'
+ if 'ipagroupsearchfields' in entry_attrs:
+ kw['ipagroupsearchfields'] = 'ipagroupobjectclasses'
+ if kw:
+ config = ldap.get_ipa_config(kw.values())
+ for (k, v) in kw.iteritems():
+ allowed_attrs = ldap.get_allowed_attributes(config[1][v])
+ fields = entry_attrs[k].split(',')
+ for a in fields:
+ a = a.strip()
+ if a not in allowed_attrs:
+ raise errors.ValidationError(
+ name=k, error='attribute "%s" not allowed' % a
+ )
 return dn
 api.register(config_mod) |
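Review bot: `fields = entry_attrs[k].split(',')` assumes the submitted value is a non-empty string. If a client clears the option and `entry_attrs[k]` arrives as `None` (or as a list), the call raises AttributeError and surfaces as an internal error instead of the intended ValidationError. A guard before the split would keep the failure in the validation path, e.g. `if not isinstance(entry_attrs[k], basestring): raise errors.ValidationError(name=k, error='must be a comma-separated string')`. Two further points are worth confirming. The membership test `a not in allowed_attrs` is case-sensitive while LDAP attribute names are not, so a comment stating what case `get_allowed_attributes` returns would help. The object classes are also read from the stored config via `get_ipa_config`, so a request that changes `ipauserobjectclasses` and the search fields together appears to be checked against the old class list. The enclosing method begins above this hunk, so how `entry_attrs` is populated is not visible here.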