Lines 815-856
class simpleLdap(base):
|
Link Here
|
---|
|
815 |
ocs -= set(chain.from_iterable(m.options[option].objectClasses for option in removed_options)) |
815 |
ocs -= set(chain.from_iterable(m.options[option].objectClasses for option in removed_options)) |
816 |
ocs |= set(chain.from_iterable(m.options[option].objectClasses for option in added_options)) |
816 |
ocs |= set(chain.from_iterable(m.options[option].objectClasses for option in added_options)) |
817 |
if set(self.oldattr.get('objectClass', [])) != ocs: |
817 |
if set(self.oldattr.get('objectClass', [])) != ocs: |
818 |
ml = [x for x in ml if x[0].lower() != 'objectClass'.lower()] |
818 |
ml = [x for x in ml if x[0].lower() != 'objectclass'] |
819 |
ml.append(('objectClass', self.oldattr.get('objectClass', []), list(ocs))) |
819 |
ml.append(('objectClass', self.oldattr.get('objectClass', []), list(ocs))) |
|
|
820 |
elif not object_classes_to_remove: |
821 |
return ml |
822 |
|
823 |
# parse LDAP schema |
824 |
schema = self.lo.get_schema() |
825 |
newattr = ldap.cidict.cidict(_MergedAttributes(self, ml).get_attributes()) |
826 |
ocs_afterwards = ocs - object_classes_to_remove |
827 |
|
828 |
# make sure we still have a structural object class |
829 |
if not schema.get_structural_oc(ocs_afterwards): |
830 |
structural_ocs = schema.get_structural_oc(object_classes_to_remove) |
831 |
if structural_ocs: |
832 |
univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'Preventing to remove last structural object class %r' % (structural_ocs,)) |
833 |
object_classes_to_remove -= set(schema.get_obj(ldap.schema.models.ObjectClass, structural_ocs).names) |
834 |
ocs_afterwards = ocs - object_classes_to_remove |
835 |
else: |
836 |
univention.debug.debug(univention.debug.ADMIN, univention.debug.ERROR, 'missing structural object class. Modify will fail.') |
837 |
return ml |
820 |
|
838 |
|
821 |
if object_classes_to_remove or set(self.oldattr.get('objectClass', [])) != ocs: |
839 |
# validate removal of object classes |
822 |
# parse LDAP schema |
840 |
must, may = schema.attribute_types(ocs_afterwards) |
823 |
schema = self.lo.get_schema() |
841 |
allowed = set(name.lower() for attr in may.values() for name in attr.names) | set(name.lower() for attr in must.values() for name in attr.names) |
824 |
newattr = ldap.cidict.cidict(_MergedAttributes(self, ml).get_attributes()) |
842 |
|
825 |
ocs_afterwards = set(newattr.get('objectClass', [])) - object_classes_to_remove |
843 |
for attr, val in newattr.items(): |
826 |
|
844 |
if not val: |
827 |
# make sure we still have a structural object class |
845 |
continue |
828 |
if not schema.get_structural_oc(ocs_afterwards): |
846 |
if attr.lower() not in allowed: |
829 |
structural_ocs = schema.get_structural_oc(object_classes_to_remove) |
847 |
univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'The attribute %r is not allowed by any object class.' % (attr,)) |
830 |
if structural_ocs: |
848 |
# ml.append((attr, val, [])) # TODO: Remove the now invalid attribute instead |
831 |
univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'Preventing to remove last structural object class %r' % (structural_ocs,)) |
849 |
return ml |
832 |
object_classes_to_remove -= set(schema.get_obj(ldap.schema.models.ObjectClass, structural_ocs).names) |
850 |
|
833 |
ocs_afterwards = set(newattr.get('objectClass', [])) - object_classes_to_remove |
851 |
for attr in must.values(): |
834 |
else: |
852 |
for name in attr.names: |
835 |
univention.debug.debug(univention.debug.ADMIN, univention.debug.ERROR, 'missing structural object class. Modify will fail.') |
853 |
if newattr.get(name): |
836 |
|
|
|
837 |
# validate removal of object classes |
838 |
must, may = schema.attribute_types(ocs_afterwards) |
839 |
must = ldap.cidict.cidict(dict((x, x) for x in list(chain.from_iterable(x.names for x in must.values())))) |
840 |
may = ldap.cidict.cidict(dict((x, x) for x in list(chain.from_iterable(x.names for x in may.values())))) |
841 |
for attr in must.keys(): |
842 |
if not newattr.get(attr): |
843 |
univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'The attribute %r is required by the current object classes.' % (attr,)) |
844 |
break |
854 |
break |
845 |
else: |
855 |
else: |
846 |
for attr, val in newattr.items(): |
856 |
univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'The attribute %r is required by the current object classes.' % (attr.names,)) |
847 |
if val and not must.get(attr) and not may.get(attr): |
857 |
return ml |
848 |
univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'The attribute %r is not allowed by any object class.' % (attr,)) |
858 |
|
849 |
# ml.append((attr, val, [])) # TODO: Remove the now invalid attribute instead |
859 |
ml = [x for x in ml if x[0].lower() != 'objectclass'] |
850 |
break |
860 |
ml.append(('objectClass', self.oldattr.get('objectClass', []), list(ocs_afterwards))) |
851 |
else: |
861 |
|
852 |
ml = [x for x in ml if x[0].lower() != 'objectclass'] |
|
|
853 |
ml.append(('objectClass', self.oldattr.get('objectClass', []), list(ocs - object_classes_to_remove))) |
854 |
return ml |
862 |
return ml |
855 |
|
863 |
|
856 |
def _move_in_subordinates(self, olddn): |
864 |
def _move_in_subordinates(self, olddn): |