When setting the user or group objectclasses a verification is done to ensure that the possible attributes are all allowed by the available set of objectclasses. This comparison is done in a case-sensitive way and it shouldn't need to be.
error: invalid 'ipauserobjectclasses': user default attribute unetID would not be allowed!
case shouldn't matter
Making unetuser_attributes lower-case will fix it showing that it is a case-sensitivity issue
This patch allows this particular situation to pass, there could be others:
--- ipaserver/plugins/config.py 2020-06-23 16:42:11.940562212 -0400 +++ /usr/lib/python3.7/site-packages/ipaserver/plugins/config.py 2020-07-15 15:03:43.218477394 -0400 @@ -535,7 +535,7 @@ self.api.Object[obj].params[obj_attr].flags: # skip virtual attributes continue - if obj_attr not in new_allowed_attrs: + if obj_attr.lower() not in new_allowed_attrs: raise errors.ValidationError(name=attr, error=_('%(obj)s default attribute %(attr)s would not be allowed!') \ % dict(obj=obj, attr=obj_attr))
Metadata Update from @rcritten: - Issue assigned to rcritten
https://github.com/freeipa/freeipa/pull/5935
master:
ipa-4-9:
Metadata Update from @rcritten: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.