Depends on my previous patch number 64 (posted on the list 2 minutes ago).

Ticket #845

Pavel
>From 275f22f718af14f3f3c5e29c1f03471ab152b386 Mon Sep 17 00:00:00 2001
From: Pavel Zuna <pz...@redhat.com>
Date: Tue, 25 Jan 2011 15:25:52 -0500
Subject: [PATCH 2/2] Raise ValidationError when adding unallowed attribute to search fields.

Ticket #845
---
 ipalib/plugins/config.py |   16 ++++++++++++++++
 1 files changed, 16 insertions(+), 0 deletions(-)

diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py
index ccd06ca..f779732 100644
--- a/ipalib/plugins/config.py
+++ b/ipalib/plugins/config.py
@@ -198,6 +198,22 @@ class config_mod(LDAPUpdate):
                 api.Command['group_show'](group)
             except errors.NotFound:
                 raise errors.NotFound(message=unicode("The group doesn't exist"))
+        kw = {}
+        if 'ipausersearchfields' in entry_attrs:
+            kw['ipausersearchfields'] = 'ipauserobjectclasses'
+        if 'ipagroupsearchfields' in entry_attrs:
+            kw['ipagroupsearchfields']  = 'ipagroupobjectclasses'
+        if kw:
+            config = ldap.get_ipa_config(kw.values())
+            for (k, v) in kw.iteritems():
+                allowed_attrs = ldap.get_allowed_attributes(config[1][v])
+                fields = entry_attrs[k].split(',')
+                for a in fields:
+                    a = a.strip()
+                    if a not in allowed_attrs:
+                        raise errors.ValidationError(
+                            name=k, error='attribute "%s" not allowed' % a
+                        )
         return dn
 
 api.register(config_mod)
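Review bot: `entry_attrs[k].split(',')` assumes the value is a non-empty string, but the added code only checks that the key is present in `entry_attrs`; if the attribute is being cleared (value `None`) or arrives as a list, this would raise AttributeError instead of a ValidationError. A guard such as `if not entry_attrs[k]: continue` before the split would keep that case out of the validation loop, assuming clearing the field is meant to be allowed. The test `a not in allowed_attrs` is case-sensitive while LDAP attribute names are not, so unless `get_allowed_attributes` (not visible here) already normalises, comparing lowercased names would avoid rejecting valid input. The allowed set also comes from the stored config, so a request that changes `ipauserobjectclasses` together with `ipausersearchfields` appears to be checked against the old object classes. The enclosing method starts before the hunk.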
-- 
1.7.1.1
