Hi,

my first patch :) -- attempts to fix https://fedorahosted.org/freeipa/ticket/1259


Minor difference for IPA is that IPA command line tools are now reporting nsAccountLock in upper case (TRUE/FALSE instead of True/False previously). This does not affect functionality as far as I can see, and Web UI works fine.
--
/ Alexander Bokovoy
From f41e59d8e306b0823c2ad3567a7f0f6536f82f48 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <aboko...@redhat.com>
Date: Mon, 27 Jun 2011 15:08:13 +0300
Subject: [PATCH] Convert Bool to TRUE/FALSE when working with LDAP backend
 https://fedorahosted.org/freeipa/ticket/1259

According to RFC4517 the only valid values for a boolean in LDAP are TRUE or 
FALSE.
This commit adds support to recognize TRUE and FALSE as valid Bool constants 
when converting from LDAP attribute values
and enforces TRUE or FALSE string for account locking.
---
 ipalib/parameters.py       |    4 ++--
 ipaserver/plugins/ldap2.py |    7 +++++--
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/ipalib/parameters.py b/ipalib/parameters.py
index 
ee660848bb5931601ab0494a007b45ce711604bd..3d9f208d2f49e2f02bfbfacef9911bdb124961e8
 100644
--- a/ipalib/parameters.py
+++ b/ipalib/parameters.py
@@ -903,8 +903,8 @@ class Bool(Param):
     # FIXME: This my quick hack to get some UI stuff working, change these 
defaults
     #   --jderose 2009-08-28
     kwargs = Param.kwargs + (
-        ('truths', frozenset, frozenset([1, u'1', u'true'])),
-        ('falsehoods', frozenset, frozenset([0, u'0', u'false'])),
+        ('truths', frozenset, frozenset([1, u'1', u'true', u'TRUE'])),
+        ('falsehoods', frozenset, frozenset([0, u'0', u'false', u'FALSE'])),
     )
 
     def _convert_scalar(self, value, index=None):
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 
e4cc72de5182544546a342c0af99317f169ef079..9675a8a71bfb482e8cbfe45227c3545c8ab9fbe5
 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -518,7 +518,7 @@ class ldap2(CrudBackend, Encoder):
             scope=_ldap.SCOPE_SUBTREE, time_limit=None, size_limit=None,
             normalize=True, search_refs=False):
         """
-        Return a list of entries and indication of whteher the results where
+        Return a list of entries and indication of whether the results where
         truncated ([(dn, entry_attrs)], truncated) matching specified search
         parameters followed by truncated flag. If the truncated flag is True,
         search hit a server limit and its results are incomplete.
@@ -1052,7 +1052,10 @@ class ldap2(CrudBackend, Encoder):
         else:
             if account_lock_attr == 'true':
                 raise errors.AlreadyInactive()
-        account_lock_attr = str(not active)
+        
+        # LDAP expects string instead of Bool but it also requires it to be 
TRUE or FALSE,
+        # not True or False as Python stringification does. Thus, we uppercase 
it.
+        account_lock_attr = str(not active).upper()
 
         entry_attrs['nsaccountlock'] = account_lock_attr
         self.update_entry(dn, entry_attrs)
-- 
1.7.5.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to