This patch adds a check in ldap2 for single-value attributes. DS doesn't seem to care much about attributes being defined as SINGLE-VALUE except for things like uidNumber and gidNumber (I suspect this is handled by the DNA plugin).

Ticket #246

Pavel
>From 94681f66292904979227bbe2fed058ba9b1a23a4 Mon Sep 17 00:00:00 2001
From: Pavel Zuna <pz...@redhat.com>
Date: Wed, 13 Oct 2010 12:40:51 -0400
Subject: [PATCH] Check if attribute is single-value before trying to add values to it.

Ticket #246
---
 ipalib/errors.py           |    2 +-
 ipaserver/plugins/ldap2.py |   16 +++++++++++-----
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/ipalib/errors.py b/ipalib/errors.py
index 42d43ce..fd96e57 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -1162,7 +1162,7 @@ class DatabaseError(ExecutionError):
     """
 
     errno = 4203
-    format = _('%(desc)s:%(info)s')
+    format = _('%(desc)s: %(info)s')
 
 
 class LimitsExceeded(ExecutionError):
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 2213df0..1c5a84f 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -690,13 +690,19 @@ class ldap2(CrudBackend, Encoder):
                 adds = list(v.difference(old_v))
                 rems = list(old_v.difference(v))
 
+                is_single_value = False
+                if self.schema:
+                    obj = self.schema.get_obj(_ldap.schema.AttributeType, k)
+                    is_single_value = obj and obj.single_value
+
+                if is_single_value and len(adds) > 1 or len(adds) > len(rems):
+                    raise errors.DatabaseError(
+                        info='attribute is single-value', desc=k
+                    )
+
                 force_replace = False
-                if k in self._FORCE_REPLACE_ON_UPDATE_ATTRS:
+                if k in self._FORCE_REPLACE_ON_UPDATE_ATTRS or is_single_value:
                     force_replace = True
-                elif self.schema:
-                    obj = self.schema.get_obj(_ldap.schema.AttributeType, k)
-                    if obj and obj.single_value:
-                        force_replace = True
                 elif len(adds) == 1 and len(rems) == 1:
                     force_replace = True
 
-- 
1.7.1.1

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to