From 5a7a46355ced466c85305493a71121672b0a46fb Mon Sep 17 00:00:00 2001
From: Benjamin Renard <brenard@easter-eggs.com>
Date: Fri, 27 May 2022 19:54:03 +0200
Subject: [PATCH] LdapClient.update_object: do not modify the provided changes
 parameter in case of renaming

---
 mylib/ldap.py | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/mylib/ldap.py b/mylib/ldap.py
index 74dd0e5..07ac421 100644
--- a/mylib/ldap.py
+++ b/mylib/ldap.py
@@ -730,11 +730,14 @@ class LdapClient:
         :param rdn_attr: The LDAP object RDN attribute (to detect renaming, default: auto-detected)
         """
         assert isinstance(changes, (list, tuple)) and len(changes) == 2 and isinstance(changes[0], dict) and isinstance(changes[1], dict), "changes parameter must be a result of get_changes() method (%s given)" % type(changes)
+        # In case of RDN change, we need to modify passed changes, copy it to make it unchanged in
+        # this case
+        _changes = copy.deepcopy(changes)
         if not rdn_attr:
             rdn_attr = ldap_obj['dn'].split('=')[0]
             log.debug('Auto-detected RDN attribute from DN: %s => %s', ldap_obj['dn'], rdn_attr)
-        old_rdn_values = self.get_attr(changes[0], rdn_attr, all_values=True)
-        new_rdn_values = self.get_attr(changes[1], rdn_attr, all_values=True)
+        old_rdn_values = self.get_attr(_changes[0], rdn_attr, all_values=True)
+        new_rdn_values = self.get_attr(_changes[1], rdn_attr, all_values=True)
         if old_rdn_values or new_rdn_values:
             if not new_rdn_values:
                 log.error(
@@ -759,15 +762,15 @@ class LdapClient:
                 return False
 
             # Remove RDN in changes list
-            for attr in list(changes[0].keys()):
+            for attr in list(_changes[0].keys()):
                 if attr.lower() == rdn_attr.lower():
-                    del changes[0][attr]
-            for attr in list(changes[1].keys()):
+                    del _changes[0][attr]
+            for attr in list(_changes[1].keys()):
                 if attr.lower() == rdn_attr.lower():
-                    del changes[1][attr]
+                    del _changes[1][attr]
 
             # Check that there are other changes
-            if not changes[0] and not changes[1]:
+            if not _changes[0] and not _changes[1]:
                 log.debug('%s: No other change after renaming', new_dn)
                 return True
 
@@ -783,14 +786,14 @@ class LdapClient:
             assert self._conn or self.initialize()
             return self._conn.update_object(
                 ldap_obj['dn'],
-                changes[0],
-                changes[1],
+                _changes[0],
+                _changes[1],
                 ignore_attrs=protected_attrs
             )
         except LdapServerException:
             log.error(
                 "An error occurred updating object %s in LDAP:\n%s\n -> \n%s\n\n",
-                ldap_obj['dn'], pretty_format_dict(changes[0]), pretty_format_dict(changes[1]),
+                ldap_obj['dn'], pretty_format_dict(_changes[0]), pretty_format_dict(_changes[1]),
                 exc_info=True
             )
             return False