Don't allow one to set a blank list of default objectclasses in cn=ipaconfig.

rob
>From 0d486f34eaf68384151a809da5d5d5749095f7d7 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Tue, 8 Nov 2011 17:04:26 -0500
Subject: [PATCH] Don't allow default objectclass list to be empty.

https://fedorahosted.org/freeipa/ticket/1945
---
 ipalib/plugins/config.py |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py
index 9bed5d8..332eea1 100644
--- a/ipalib/plugins/config.py
+++ b/ipalib/plugins/config.py
@@ -220,6 +220,9 @@ class config_mod(LDAPUpdate):
         for (attr, obj) in (('ipauserobjectclasses', 'user'),
                             ('ipagroupobjectclasses', 'group')):
             if attr in entry_attrs:
+                if not entry_attrs[attr]:
+                    raise errors.ValidationError(name=attr,
+                        error=_('May not be empty'))
                 objectclasses = list(set(entry_attrs[attr] \
                                          + self.api.Object[obj].possible_objectclasses))
                 new_allowed_attrs = ldap.get_allowed_attributes(objectclasses,
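Review bot: The added guard `if not entry_attrs[attr]:` is a truthiness test, so it rejects `None` and an empty list but would let a list holding only empty or whitespace strings (constructed example: `['']`) reach the `list(set(...))` merge below; whether the framework normalises such values before this callback is not visible in the hunk. If it does not, checking the elements closes the gap: `if not any(oc and oc.strip() for oc in entry_attrs[attr] or ()):`. A short comment above the check, such as `# an empty default objectclass list is rejected (ticket 1945)`, would also record why it exists. The enclosing method of `config_mod` starts and ends outside the hunk.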
-- 
1.7.6.4
