URL: https://github.com/freeipa/freeipa/pull/1076
Author: felipevolpone
 Title: #1076: [backport][ipa-4-5] Changing idoverrideuser-* to treat 
objectClass case insensitively
Action: opened

PR body:
"""
This is import to avoid problems when migrating from olders
versions of IPA and using idoverrideuser-* commands.

https://pagure.io/freeipa/issue/7074
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1076/head:pr1076
git checkout pr1076
From 3bbfc46a7df270071db5064c5097f9ef1700854d Mon Sep 17 00:00:00 2001
From: Felipe Volpone <fbarr...@redhat.com>
Date: Mon, 4 Sep 2017 09:12:06 -0300
Subject: [PATCH] Changing idoverrideuser-* to treat objectClass case
 insensitively

This is import to avoid problems when migrating from olders
versions of IPA and using idoverrideuser-* commands.

https://pagure.io/freeipa/issue/7074
---
 ipaserver/plugins/idviews.py | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/ipaserver/plugins/idviews.py b/ipaserver/plugins/idviews.py
index b5ee32cf13..a55c20bbf2 100644
--- a/ipaserver/plugins/idviews.py
+++ b/ipaserver/plugins/idviews.py
@@ -543,7 +543,8 @@ def resolve_object_to_anchor(ldap, obj_type, obj, fallback_to_ldap):
             'group': 'ipausergroup',
         }[obj_type]
 
-        if required_objectclass not in entry['objectclass']:
+        if not api.Object[obj_type].has_objectclass(entry['objectclass'],
+                                                    required_objectclass):
             raise errors.ValidationError(
                     name=_('IPA object'),
                     error=_('system IPA objects (e.g system groups, user '
@@ -786,12 +787,10 @@ def pre_callback(self, ldap, dn, *keys, **options):
         except errors.NotFound:
             self.obj.handle_not_found(*keys)
 
-        required_object_classes = set(self.obj.object_class)
-        actual_object_classes = set(entry['objectclass'])
-
         # If not, treat it as a failed search
-        if not required_object_classes.issubset(actual_object_classes):
-            self.obj.handle_not_found(*keys)
+        for required_oc in self.obj.object_class:
+            if not self.obj.has_objectclass(entry['objectclass'], required_oc):
+                self.obj.handle_not_found(*keys)
 
         return dn
 
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

Reply via email to