From ef2480e2a9a10665208a6547fe3d3cb1d4047763 Mon Sep 17 00:00:00 2001
From: Martin Basti
Date: Fri, 19 Aug 2016 10:39:40 +0200
Subject: [PATCH] Raise DuplicatedEnrty error when user exists in delete_container
We do not have right to write to users delete_container. In case that user already exists in that container and we tried to add entry, we receive ACIError. This must be checked and DuplicationEntry error must be raised before.
https://fedorahosted.org/freeipa/ticket/6199
Reviewed-By: Jan Cholasta
---
 ipaserver/plugins/user.py | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/ipaserver/plugins/user.py b/ipaserver/plugins/user.py
index 935ea892cde9e2cb5b21f4714fd93e73c3fa53d5..d690f01ab4d155f6b403790a7215e1777f383604 100644
--- a/ipaserver/plugins/user.py
+++ b/ipaserver/plugins/user.py
@@ -381,6 +381,10 @@ class user(baseuser):
 ), ) + def get_delete_dn(self, *keys, **options): + active_dn = self.get_dn(*keys, **options) + return DN(active_dn[0], self.delete_container_dn, api.env.basedn) + def get_either_dn(self, *keys, **options): ''' Returns the DN of a user
@@ -397,7 +401,7 @@ class user(baseuser):
 dn = active_dn except errors.NotFound: # Check that this value is a Delete user - delete_dn = DN(active_dn[0], self.delete_container_dn, api.env.basedn) + delete_dn = self.get_delete_dn(*keys, **options) try: ldap.get_entry(delete_dn, ['dn'])
@@ -441,7 +445,14 @@ class user_add(baseuser_add):
 ) def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): - dn = self.obj.get_either_dn(*keys, **options) + delete_dn = self.obj.get_delete_dn(*keys, **options) + try: + ldap.get_entry(delete_dn, ['']) + except errors.NotFound: + pass + else: + raise self.obj.handle_duplicate_entry(*keys) + if not options.get('noprivate', False): try: # The Managed Entries plugin will allow a user to be created
--
2.7.4
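Review bot: `get_delete_dn` is added without a docstring, although the `get_either_dn` method right below it carries one and the helper is now called from two places (`get_either_dn` and `user_add.pre_callback`). I would add something like `'''Returns the DN the user would have under delete_container_dn; the entry is not looked up.'''` so callers do not mistake it for an existence check. The construction keeps only `active_dn[0]`, presumably the user's leading RDN; if `get_dn` can ever return a DN of a different shape, that assumption deserves a comment as well.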
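Review bot: The replaced line in `get_either_dn` now goes through `get_delete_dn`, which calls `self.get_dn(*keys, **options)` a second time even though `active_dn` is already in scope at this point (the removed line used `active_dn[0]`). That is harmless if `get_dn` only builds a DN, but it is worth confirming that it has no lookup cost or side effects. The existence lookup that follows asks for `['dn']`, while the check added in `user_add.pre_callback` asks for `['']`; using one form for an existence-only lookup would make the two call sites read the same. `get_either_dn` starts and ends outside this hunk.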
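Review bot: The existence check added at the top of `user_add.pre_callback` runs on the caller's `ldap` connection, so whether a user in the delete container is seen presumably depends on the caller's read access there: a lookup that comes back as `errors.NotFound` for lack of access would fall into `except errors.NotFound: pass`, and the add would continue as if no such user existed. The commit message only states that write access to that container is missing, so it is worth confirming, ideally with a test for a non-admin role that may add users, that everyone permitted to add users can read entries under `delete_container_dn`. A comment above the `try` would record the intent, for example `# A user with this uid in the delete container blocks the add: report a duplicate here instead of failing later with ACIError`. `raise self.obj.handle_duplicate_entry(*keys)` also reads as if the helper returned an exception; if it raises on its own, a short note saying so avoids confusion. `pre_callback` continues past the end of this hunk.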