Hello, This fixes https://fedorahosted.org/freeipa/ticket/4178
-- PetrĀ³
From 85222e02ce57224ea661c990c69efecbf7907a74 Mon Sep 17 00:00:00 2001 From: Petr Viktorin <[email protected]> Date: Wed, 19 Feb 2014 14:18:58 +0100 Subject: [PATCH] permission-mod: Do not copy member attributes to new entry Fixes: https://fedorahosted.org/freeipa/ticket/4178 --- ipalib/plugins/permission.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index 3382525337ede044804adb90b741aa15571cd9a9..670e3f1c65452fef26838558ad115ebc2aeda87a 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -928,7 +928,9 @@ def pre_callback(self, ldap, dn, entry, attrs_list, *keys, **options): # it cannot be used directly to generate an ACI. # First we need to copy the original data into it. for key, value in old_entry.iteritems(): - if key not in options and key != 'cn': + if (key not in options and + key != 'cn' and + key not in self.obj.attribute_members): entry.setdefault(key, value) filter_ops = context.filter_ops -- 1.8.5.3
_______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
