From 8792803d4c8b6dae0a6be29662a9bc95eed19a81 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@redhat.com>
Date: Apr 14 2014 15:14:42 +0000
Subject: Do not overwrite special LDAP base values.


---

diff --git a/authinfo.py b/authinfo.py
index e568b21..3af34ff 100644
--- a/authinfo.py
+++ b/authinfo.py
@@ -187,6 +187,13 @@ def checkDN(value):
 		return False
 	return True
 
+def matchBaseLine(line, key):
+	value = matchKey(line, key)
+	if value:
+		return checkDN(value)
+	else:
+		return False
+
 # Check for a string in an nss configuration line.
 def checkNSS(configuration, candidate):
 	lst = configuration.split(":",1)
@@ -2616,7 +2623,7 @@ class AuthInfo:
 				elif matchLine(ls, host):
 					if self.ldapServer:
 						output += "#" + line 
-				elif matchLine(ls, base):
+				elif matchBaseLine(ls, base):
 					# If it's a 'base' line, insert ours instead.
 					if not wrotebasedn and self.ldapBaseDN:
 						output += base + " "