So far it was possible to rename any object using LDAPUpdate to a name with empty primary key. Since this can cause nasty problems, this patch disables empty string in --rename argument.
https://fedorahosted.org/freeipa/ticket/827 Jan
From 5d2eb85af1df7c20049e7fdc05e6a529a2b2839b Mon Sep 17 00:00:00 2001 From: Jan Zeleny <jzel...@redhat.com> Date: Mon, 24 Jan 2011 03:24:05 -0500 Subject: [PATCH] Disable renaming to empty string So far it was possible to rename any object using LDAPUpdate to a name with empty primary key. Since this can cause nasty problems, this patch disables empty string in --rename argument. https://fedorahosted.org/freeipa/ticket/827 --- ipalib/plugins/baseldap.py | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index e7ccb7724ff39a115c8931c7829d4352c3e0c691..1ef1af56947c5d0f90088b9ba2be98b8acb0278c 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -799,6 +799,8 @@ class LDAPUpdate(LDAPQuery, crud.Update): rdnupdate = False try: if self.obj.rdnattr and 'rename' in options: + if not options['rename']: + raise errors.ValidationError(name='rename', error=u'can\'t be empty') entry_attrs[self.obj.rdnattr] = options['rename'] if self.obj.rdnattr and self.obj.rdnattr in entry_attrs: -- 1.7.3.4
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
