2016-11-03 403b09ab980c02ef36095973349a13e0181c794a
From ef2480e2a9a10665208a6547fe3d3cb1d4047763 Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Fri, 19 Aug 2016 10:39:40 +0200
Subject: [PATCH] Raise DuplicatedEnrty error when user exists in
 delete_container
 
We do not have the right to write to the users' delete_container. If the
user already exists in that container and we try to add the entry, we
receive an ACIError. This must be checked beforehand and a DuplicationEntry
error raised instead.
 
https://fedorahosted.org/freeipa/ticket/6199
 
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
---
 ipaserver/plugins/user.py | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
 
diff --git a/ipaserver/plugins/user.py b/ipaserver/plugins/user.py
index 935ea892cde9e2cb5b21f4714fd93e73c3fa53d5..d690f01ab4d155f6b403790a7215e1777f383604 100644
--- a/ipaserver/plugins/user.py
+++ b/ipaserver/plugins/user.py
@@ -381,6 +381,10 @@ class user(baseuser):
         ),
     )
 
+    def get_delete_dn(self, *keys, **options):
+        active_dn = self.get_dn(*keys, **options)
+        return DN(active_dn[0], self.delete_container_dn, api.env.basedn)
+
     def get_either_dn(self, *keys, **options):
         '''
         Returns the DN of a user
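Review bot: The new `get_delete_dn` on the first added line has no docstring, while the neighbouring `get_either_dn` documents itself; it should state its contract, e.g. `'''Return the DN the user would have in the delete container, reusing the leading RDN of the active DN.'''`. The body builds the result from `active_dn[0]`, so only the first RDN of the active DN is carried over; that is worth naming in the docstring so callers do not assume the whole active DN is relocated. The same helper is now the single source of the delete-container DN for `get_either_dn` and `user_add.pre_callback`, which is the right direction, but the docstring should also say whether `get_dn` may raise for a missing user, since `get_delete_dn` propagates that unchanged (I cannot tell from the hunk). `get_either_dn` continues past the end of this hunk.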
@@ -397,7 +401,7 @@ class user(baseuser):
             dn = active_dn
         except errors.NotFound:
             # Check that this value is a Delete user
-            delete_dn = DN(active_dn[0], self.delete_container_dn, api.env.basedn)
+            delete_dn = self.get_delete_dn(*keys, **options)
             try:
                 ldap.get_entry(delete_dn, ['dn'])
 
@@ -441,7 +445,14 @@ class user_add(baseuser_add):
     )
 
     def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
-        dn = self.obj.get_either_dn(*keys, **options)
+        delete_dn = self.obj.get_delete_dn(*keys, **options)
+        try:
+            ldap.get_entry(delete_dn, [''])
+        except errors.NotFound:
+            pass
+        else:
+            raise self.obj.handle_duplicate_entry(*keys)
+
         if not options.get('noprivate', False):
             try:
                 # The Managed Entries plugin will allow a user to be created
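Review bot: The existence probe `ldap.get_entry(delete_dn, [''])` in `pre_callback` requests `['']`, while the identical probe in `get_either_dn` a few lines up requests `['dn']`; the two should agree, so `ldap.get_entry(delete_dn, ['dn'])` here keeps the attribute list consistent. The probe only catches `errors.NotFound`, so any other failure reading the delete container propagates out of `pre_callback` as a raw error rather than a DuplicateEntry; and if the bound user presumably cannot read that container at all, the probe reports NotFound and the later add still fails with the ACIError the commit message describes, so that path is narrowed but not removed. This is also a look-then-add sequence: an entry created in the delete container between the probe and the add is not detected by it, which is acceptable for an advisory check but deserves a one-line comment such as `# Best-effort duplicate check; the add itself remains authoritative.` The hunk also drops the former `dn = self.obj.get_either_dn(...)` rebinding, so `dn` now stays as passed in by the framework for the rest of the method, which continues beyond the hunk.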
-- 
2.7.4