|
 |
3f51ca |
From 6d4676c4e3403df547ef03a2e716d6254c3c512e Mon Sep 17 00:00:00 2001
|
|
|
3f51ca |
From: Florence Blanc-Renaud <flo@redhat.com>
|
|
|
3f51ca |
Date: Fri, 5 Jan 2018 09:50:26 +0100
|
|
|
3f51ca |
Subject: [PATCH] Idviews: fix objectclass violation on idview-add
|
|
|
3f51ca |
|
|
|
3f51ca |
When the option --domain-resolution-order is used with the command
|
|
|
3f51ca |
ipa idview-add, the resulting LDAP object stores the value in
|
|
|
3f51ca |
ipadomainresolutionorder attribute.
|
|
|
3f51ca |
The issue is that the add command does not add the needed object
|
|
|
3f51ca |
class (ipaNameResolutionData) because it is part of
|
|
|
3f51ca |
possible_objectclasses but not of object_class.
|
|
|
3f51ca |
|
|
|
3f51ca |
The fix makes sure to add the objectclass when the option
|
|
|
3f51ca |
--domain-resolution-order is used, and adds a non-regression test.
|
|
|
3f51ca |
|
|
|
3f51ca |
Note that idview-mod does not have any issue as it correctly handles
|
|
|
3f51ca |
the addition of missing possible objectclasses.
|
|
|
3f51ca |
|
|
|
3f51ca |
Fixes:
|
|
|
3f51ca |
https://pagure.io/freeipa/issue/7350
|
|
|
3f51ca |
|
|
|
3f51ca |
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
3f51ca |
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
3f51ca |
---
|
|
|
3f51ca |
ipaserver/plugins/idviews.py | 15 +++++++++----
|
|
|
3f51ca |
ipatests/test_xmlrpc/test_idviews_plugin.py | 35 +++++++++++++++++++++++++++++
|
|
|
3f51ca |
2 files changed, 46 insertions(+), 4 deletions(-)
|
|
|
3f51ca |
|
|
|
3f51ca |
diff --git a/ipaserver/plugins/idviews.py b/ipaserver/plugins/idviews.py
|
|
|
3f51ca |
index a55c20bbf2466d9cb3a317d49a8bba3c9379f572..2b06cc54e4b04aac004efbf02a446464b8c89777 100644
|
|
|
3f51ca |
--- a/ipaserver/plugins/idviews.py
|
|
|
3f51ca |
+++ b/ipaserver/plugins/idviews.py
|
|
|
3f51ca |
@@ -22,10 +22,11 @@ import re
|
|
|
3f51ca |
import six
|
|
|
3f51ca |
|
|
|
3f51ca |
from .baseldap import (LDAPQuery, LDAPObject, LDAPCreate,
|
|
|
3f51ca |
- LDAPDelete, LDAPUpdate, LDAPSearch,
|
|
|
3f51ca |
- LDAPAddAttributeViaOption,
|
|
|
3f51ca |
- LDAPRemoveAttributeViaOption,
|
|
|
3f51ca |
- LDAPRetrieve, global_output_params)
|
|
|
3f51ca |
+ LDAPDelete, LDAPUpdate, LDAPSearch,
|
|
|
3f51ca |
+ LDAPAddAttributeViaOption,
|
|
|
3f51ca |
+ LDAPRemoveAttributeViaOption,
|
|
|
3f51ca |
+ LDAPRetrieve, global_output_params,
|
|
|
3f51ca |
+ add_missing_object_class)
|
|
|
3f51ca |
from .hostgroup import get_complete_hostgroup_member_list
|
|
|
3f51ca |
from .service import validate_certificate
|
|
|
3f51ca |
from ipalib import api, Str, Int, Bytes, Flag, _, ngettext, errors, output
|
|
|
3f51ca |
@@ -169,6 +170,12 @@ class idview_add(LDAPCreate):
|
|
|
3f51ca |
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
|
|
|
3f51ca |
self.api.Object.config.validate_domain_resolution_order(entry_attrs)
|
|
|
3f51ca |
|
|
|
3f51ca |
+ # The objectclass ipaNameResolutionData may not be present on
|
|
|
3f51ca |
+ # the id view. We need to add it if we define a new
|
|
|
3f51ca |
+ # value for ipaDomainResolutionOrder
|
|
|
3f51ca |
+ if 'ipadomainresolutionorder' in entry_attrs:
|
|
|
3f51ca |
+ add_missing_object_class(ldap, u'ipanameresolutiondata', dn,
|
|
|
3f51ca |
+ entry_attrs, update=False)
|
|
|
3f51ca |
return dn
|
|
|
3f51ca |
|
|
|
3f51ca |
|
|
|
3f51ca |
diff --git a/ipatests/test_xmlrpc/test_idviews_plugin.py b/ipatests/test_xmlrpc/test_idviews_plugin.py
|
|
|
3f51ca |
index 35d31b37d8fb87384d9ae550182e353c1d6383cc..3d4cce5ea0505ef8b0cd8253fd74b037890ce18b 100644
|
|
|
3f51ca |
--- a/ipatests/test_xmlrpc/test_idviews_plugin.py
|
|
|
3f51ca |
+++ b/ipatests/test_xmlrpc/test_idviews_plugin.py
|
|
|
3f51ca |
@@ -1704,4 +1704,39 @@ class test_idviews(Declarative):
|
|
|
3f51ca |
),
|
|
|
3f51ca |
),
|
|
|
3f51ca |
|
|
|
3f51ca |
+ # Delete the ID View
|
|
|
3f51ca |
+
|
|
|
3f51ca |
+ dict(
|
|
|
3f51ca |
+ desc='Delete ID View "%s"' % idview1,
|
|
|
3f51ca |
+ command=('idview_del', [idview1], {}),
|
|
|
3f51ca |
+ expected=dict(
|
|
|
3f51ca |
+ result=dict(failed=[]),
|
|
|
3f51ca |
+ summary=u'Deleted ID View "%s"' % idview1,
|
|
|
3f51ca |
+ value=[idview1],
|
|
|
3f51ca |
+ ),
|
|
|
3f51ca |
+ ),
|
|
|
3f51ca |
+
|
|
|
3f51ca |
+ # Test the creation of ID view with domain resolution order
|
|
|
3f51ca |
+ # Non-regression test for issue 7350
|
|
|
3f51ca |
+
|
|
|
3f51ca |
+ dict(
|
|
|
3f51ca |
+ desc='Create ID View "%s"' % idview1,
|
|
|
3f51ca |
+ command=(
|
|
|
3f51ca |
+ 'idview_add',
|
|
|
3f51ca |
+ [idview1],
|
|
|
3f51ca |
+ dict(ipadomainresolutionorder=u'%s' % api.env.domain)
|
|
|
3f51ca |
+ ),
|
|
|
3f51ca |
+ expected=dict(
|
|
|
3f51ca |
+ value=idview1,
|
|
|
3f51ca |
+ summary=u'Added ID View "%s"' % idview1,
|
|
|
3f51ca |
+ result=dict(
|
|
|
3f51ca |
+ dn=get_idview_dn(idview1),
|
|
|
3f51ca |
+ objectclass=objectclasses.idview +
|
|
|
3f51ca |
+ [u'ipanameresolutiondata'],
|
|
|
3f51ca |
+ cn=[idview1],
|
|
|
3f51ca |
+ ipadomainresolutionorder=[api.env.domain]
|
|
|
3f51ca |
+ )
|
|
|
3f51ca |
+ ),
|
|
|
3f51ca |
+ ),
|
|
|
3f51ca |
+
|
|
|
3f51ca |
]
|
|
|
3f51ca |
--
|
|
|
3f51ca |
2.13.6
|
|
|
3f51ca |
|