From 69e4397421d16fad7d16b2f5d53d2bd9316407a1 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Aug 01 2023 11:41:59 +0000
Subject: idp: when adding an IdP allow to override IdP options


Use of 'ipa idp-add --provider' was supposed to allow override scope and
other IdP options. The defaults are provided by the IdP template and
were actually not overridden. Fix this.

Fixes: https://pagure.io/freeipa/issue/9421
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>

---

diff --git a/ipaserver/plugins/idp.py b/ipaserver/plugins/idp.py
index 59d942d..697eb46 100644
--- a/ipaserver/plugins/idp.py
+++ b/ipaserver/plugins/idp.py
@@ -350,6 +350,9 @@ class idp_add(LDAPCreate):
                                 name=self.options[s].cli_name,
                                 error=_('value is missing'))
                     points[k] = template_str(v, elements)
+                elif k in elements:
+                    points[k] = elements[k]
+
             entry_attrs.update(points)
 
     def get_options(self):