From d3e11b06bbb996b1605f15912be106dcf47b357a Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Thu, 18 Aug 2016 10:11:25 +0200
Subject: [PATCH] Fix: container owner should be able to add vault
With recent change in DS (CVE fix), ds is not returning DuplicateEntry
error in case that user is not permitted by ACI to write, but ACIError instead.

It is safe to ignore ACI error in container, because it will be raised
again later if user has no access to container.
https://fedorahosted.org/freeipa/ticket/6159
Reviewed-By: Martin Basti <mbasti@redhat.com>
---
 ipaserver/plugins/vault.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ipaserver/plugins/vault.py b/ipaserver/plugins/vault.py
index c9b7cb942cfbca74134bce4ba039619b4f5f2845..5c4c09685ceb95c6634306c4275008d602099e12 100644
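--- a/ipaserver/plugins/vault.py
+++ b/ipaserver/plugins/vault.py
@@ -783,7 +783,7 @@ class vault_add_internal(LDAPCreate):
 
         try:
             self.obj.create_container(parent_dn, owner_dn)
-        except errors.DuplicateEntry as e:
+        except (errors.DuplicateEntry, errors.ACIError):
             pass
 
         # vault should be owned by the creator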
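Review bot: The widened handler `except (errors.DuplicateEntry, errors.ACIError): pass` now discards an access-control denial silently, and the reason this is safe is recorded only in the commit message. I would put that reasoning next to the handler, for example `# DS may return ACIError instead of DuplicateEntry when the container already exists but the caller cannot write to its parent; access is still enforced when the vault entry itself is added.` The claim that the denial is raised again later depends on code below this hunk, which is not visible here, so it is worth confirming that a caller with no rights on the container still gets ACIError from the later add rather than a less specific failure. A debug-level log of the swallowed ACIError, through whatever logger the plugin already uses, would also keep real denials visible during incident review.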
-- 
2.7.4