Since this change influences most LDAPCreate calls I run full tests and
everything seems OK - no suspicious error. I just had to fix HBAC tests
failures caused by invalid hostname (see attached patch 132).

----
LDAPCreate reports "search criteria was not specific enough" when LDAP
object created in LDAPCreate shares its container with other LDAP objects
and there is one with the same name and RDN attribute.

Pass objectclass to find_entry_by_attr() function used to retrieve
newly created object for POST_CALLBACK to identify correct LDAP
object.

https://fedorahosted.org/freeipa/ticket/1864

>From 12eefe9e1a09f1439983be8bb2044cadec96e74f Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Fri, 30 Sep 2011 11:04:14 +0200
Subject: [PATCH] Fix LDAPCreate search failure

LDAPCreate reports "search criteria was not specific enough" when LDAP
object created in LDAPCreate shares its container with other LDAP objects
and there is one with the same name and RDN attribute.

Pass objectclass to find_entry_by_attr() function used to retrieve
newly created object for POST_CALLBACK to identify correct LDAP
object.

https://fedorahosted.org/freeipa/ticket/1864
---
 ipalib/plugins/baseldap.py |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 11cd72cc048bc2379f9f11bcb17f882322c73665..20f23c2e02d5751d18ca62665b15ffe3cf643646 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -739,8 +739,13 @@ class LDAPCreate(CallbackInterface, crud.Create):
 
         try:
             if self.obj.rdn_attribute:
+                # make sure objectclass is either set or None
+                if self.obj.object_class:
+                    object_class = self.obj.object_class
+                else:
+                    object_class = None
                 (dn, entry_attrs) = ldap.find_entry_by_attr(
-                    self.obj.primary_key.name, keys[-1], None, attrs_list,
+                    self.obj.primary_key.name, keys[-1], object_class, attrs_list,
                     self.obj.container_dn
                 )
             else:
-- 
1.7.6.2

>From 0d5068322b3bbf021983a3971d2433dbd92a2e59 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Fri, 30 Sep 2011 11:10:29 +0200
Subject: [PATCH] Fix HBAC tests hostnames

Make HBAC test hosts compliant with hostname restrictions placed
in ticket 1780.
---
 tests/test_xmlrpc/test_hbac_plugin.py |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/test_xmlrpc/test_hbac_plugin.py b/tests/test_xmlrpc/test_hbac_plugin.py
index f1c8c84ca3ae7c022045ec8da9da462ec1700559..ebb5d17ed4d0322a0513a7562c08f9af0c1e0582 100644
--- a/tests/test_xmlrpc/test_hbac_plugin.py
+++ b/tests/test_xmlrpc/test_hbac_plugin.py
@@ -41,9 +41,9 @@ class test_hbac(XMLRPC_test):
 
     test_user = u'hbacrule_test_user'
     test_group = u'hbacrule_test_group'
-    test_host = u'hbacrule._test_netgroup'
+    test_host = u'hbacrule.test-netgroup'
     test_hostgroup = u'hbacrule_test_hostgroup'
-    test_sourcehost = u'hbacrule._test_src_host'
+    test_sourcehost = u'hbacrule.test-src-host'
     test_sourcehostgroup = u'hbacrule_test_src_hostgroup'
     test_service = u'sshd'
     test_host_external = u'notfound.example.com'
-- 
1.7.6.2

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to