From 5a7a46355ced466c85305493a71121672b0a46fb Mon Sep 17 00:00:00 2001 From: Benjamin Renard Date: Fri, 27 May 2022 19:54:03 +0200 Subject: [PATCH] LdapClient.update_object: do not modify the provided changes parameter in case of renaming --- mylib/ldap.py | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/mylib/ldap.py b/mylib/ldap.py index 74dd0e5..07ac421 100644 --- a/mylib/ldap.py +++ b/mylib/ldap.py @@ -730,11 +730,14 @@ class LdapClient: :param rdn_attr: The LDAP object RDN attribute (to detect renaming, default: auto-detected) """ assert isinstance(changes, (list, tuple)) and len(changes) == 2 and isinstance(changes[0], dict) and isinstance(changes[1], dict), "changes parameter must be a result of get_changes() method (%s given)" % type(changes) + # In case of RDN change, we need to modify passed changes, copy it to make it unchanged in + # this case + _changes = copy.deepcopy(changes) if not rdn_attr: rdn_attr = ldap_obj['dn'].split('=')[0] log.debug('Auto-detected RDN attribute from DN: %s => %s', ldap_obj['dn'], rdn_attr) - old_rdn_values = self.get_attr(changes[0], rdn_attr, all_values=True) - new_rdn_values = self.get_attr(changes[1], rdn_attr, all_values=True) + old_rdn_values = self.get_attr(_changes[0], rdn_attr, all_values=True) + new_rdn_values = self.get_attr(_changes[1], rdn_attr, all_values=True) if old_rdn_values or new_rdn_values: if not new_rdn_values: log.error( @@ -759,15 +762,15 @@ class LdapClient: return False # Remove RDN in changes list - for attr in list(changes[0].keys()): + for attr in list(_changes[0].keys()): if attr.lower() == rdn_attr.lower(): - del changes[0][attr] - for attr in list(changes[1].keys()): + del _changes[0][attr] + for attr in list(_changes[1].keys()): if attr.lower() == rdn_attr.lower(): - del changes[1][attr] + del _changes[1][attr] # Check that there are other changes - if not changes[0] and not changes[1]: + if not _changes[0] and not _changes[1]: log.debug('%s: No other change after renaming', new_dn) return True @@ -783,14 +786,14 @@ class LdapClient: assert self._conn or self.initialize() return self._conn.update_object( ldap_obj['dn'], - changes[0], - changes[1], + _changes[0], + _changes[1], ignore_attrs=protected_attrs ) except LdapServerException: log.error( "An error occurred updating object %s in LDAP:\n%s\n -> \n%s\n\n", - ldap_obj['dn'], pretty_format_dict(changes[0]), pretty_format_dict(changes[1]), + ldap_obj['dn'], pretty_format_dict(_changes[0]), pretty_format_dict(_changes[1]), exc_info=True ) return False