From 988b2cebf4bf6657eb50f5ecc57bd39425739b8b Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Fri, 16 May 2014 13:18:36 +0200
Subject: ldap2.find_entries: Do not modify attrs_list in-place

dap2.find_entries modified the passed in attrs_list to remove
the virtual attributes memberindirect and memberofindirect
before passing the list to LDAP. This means that a call like
    ldap2.get_entry(dn, attrs_list=some_framework_object.default_attributes)
would permanently remove the virtual attributes from
some_framework_object's definition.

Create a copy of the list instead.

https://fedorahosted.org/freeipa/ticket/4349

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
---
 ipaserver/plugins/ldap2.py | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 17bd84118..03ab2dbfe 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -186,12 +186,15 @@ class ldap2(LDAPClient, CrudBackend):
         has_memberindirect = False
         has_memberofindirect = False
         if attrs_list:
-            if 'memberindirect' in attrs_list:
-                has_memberindirect = True
-                attrs_list.remove('memberindirect')
-            if 'memberofindirect' in attrs_list:
-                has_memberofindirect = True
-                attrs_list.remove('memberofindirect')
+            new_attrs_list = []
+            for attr_name in attrs_list:
+                if attr_name == 'memberindirect':
+                    has_memberindirect = True
+                elif attr_name == 'memberofindirect':
+                    has_memberofindirect = True
+                else:
+                    new_attrs_list.append(attr_name)
+            attrs_list = new_attrs_list
 
         res, truncated = super(ldap2, self).find_entries(
             filter=filter, attrs_list=attrs_list, base_dn=base_dn, scope=scope,
-- 
cgit