diff options
author | Martin Kosek <mkosek@redhat.com> | 2012-07-09 14:27:07 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-07-09 14:53:11 +0200 |
commit | 5ba8eeb970a8a72ec189e80e369bb7f70091e409 (patch) | |
tree | 9b3d2143e54e891bccc43851fa0c5fe67c32ec52 /ipalib | |
parent | 0ffb2022fe2c485fce99c335e6b5f1f8c768152c (diff) | |
download | freeipa-5ba8eeb970a8a72ec189e80e369bb7f70091e409.tar.gz freeipa-5ba8eeb970a8a72ec189e80e369bb7f70091e409.tar.xz freeipa-5ba8eeb970a8a72ec189e80e369bb7f70091e409.zip |
Do not change LDAPObject objectclass list
__json__ method of LDAPObject may inadvertently append a list of possible
objectclasses to a list of basic objectclasses and thus change a behavior
of all subsequent LDAPSearch command. The command may only return objects
where all "possible" objectclasses are present and thus returning an
incomplete list.
Make sure that the LDAPObject object_class list is not modified during
the __json__ method.
https://fedorahosted.org/freeipa/ticket/2906
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/baseldap.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index b841435fd..6a37995c5 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -635,7 +635,7 @@ class LDAPObject(Object): objectclasses = config.get( self.object_class_config, objectclasses ) - objectclasses += self.possible_objectclasses + objectclasses = objectclasses + self.possible_objectclasses # Get list of available attributes for this object for use # in the ACI UI. attrs = self.api.Backend.ldap2.schema.attribute_types(objectclasses) |