When customing the list of objectclasses for users and groups in
cn=ipaconfig we need to ignore virtual attributes because by definition
they won't be in schema.
rob
>From 8d6f76273ecc9bb8162dacad064293f6d89ece6e Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Sat, 25 Feb 2012 19:02:04 -0500
Subject: [PATCH] Don't consider virtual attributes when validating custom
objectclasses
We verify user and group default objectclasses when changing them
to be sure that required objectclasses aren't being dropped. We need
to ignore virtual attributes or it will raise an error because they
aren't defined in schema.
https://fedorahosted.org/freeipa/ticket/2406
---
ipalib/plugins/config.py | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py
index ecf424646674040cd9437697691b9dff4c3744bc..c4615e3d1843a848e65090d64fd50fa833d81220 100644
--- a/ipalib/plugins/config.py
+++ b/ipalib/plugins/config.py
@@ -239,6 +239,11 @@ class config_mod(LDAPUpdate):
for obj_attr in checked_attrs:
if obj_attr in OPERATIONAL_ATTRIBUTES:
continue
+ if obj_attr in self.api.Object[obj].params and \
+ 'virtual_attribute' in \
+ self.api.Object[obj].params[obj_attr].flags:
+ # skip virtual attributes
+ continue
if obj_attr not in new_allowed_attrs:
raise errors.ValidationError(name=attr,
error=_('%(obj)s default attribute %(attr)s would not be allowed!') \
--
1.7.6
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
