From 9baf0cb5b1eb30d3059e02d64cfd9fd30fbd773d Mon Sep 17 00:00:00 2001
From: Sergey Ivanov <sergey57@gmail.com>
Date: Sun, 18 Jun 2017 14:30:57 -0400
Subject: [PATCH] LDAP ObjectClasses are case-insensitive

In the IPA servers of the previous versions new users were created with objectClass capitalizations like 'posixAccount'.
They should be treated as matching 'posixaccount'.
---
 ipaserver/plugins/idviews.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipaserver/plugins/idviews.py b/ipaserver/plugins/idviews.py
index 3cc7762ec8..593933e03a 100644
--- a/ipaserver/plugins/idviews.py
+++ b/ipaserver/plugins/idviews.py
@@ -545,7 +545,7 @@ def resolve_object_to_anchor(ldap, obj_type, obj, fallback_to_ldap):
             'group': 'ipausergroup',
         }[obj_type]
 
-        if required_objectclass not in entry['objectclass']:
+        if required_objectclass not in map(str.lower, entry['objectclass']):
             raise errors.ValidationError(
                     name=_('IPA object'),
                     error=_('system IPA objects (e.g. system groups, user '