From ef2480e2a9a10665208a6547fe3d3cb1d4047763 Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Fri, 19 Aug 2016 10:39:40 +0200
Subject: [PATCH] Raise DuplicatedEnrty error when user exists in
delete_container
We do not have right to write to users delete_container. In case that
user already exists in that container and we tried to add entry, we
receive ACIError. This must be checked and DuplicationEntry error must
be raised before.
https://fedorahosted.org/freeipa/ticket/6199
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
---
ipaserver/plugins/user.py | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/ipaserver/plugins/user.py b/ipaserver/plugins/user.py
index 935ea892cde9e2cb5b21f4714fd93e73c3fa53d5..d690f01ab4d155f6b403790a7215e1777f383604 100644
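--- a/ipaserver/plugins/user.py
+++ b/ipaserver/plugins/user.py
@@ -381,6 +381,10 @@ class user(baseuser):
 ),
 )
 
+ def get_delete_dn(self, *keys, **options):
+ active_dn = self.get_dn(*keys, **options)
+ return DN(active_dn[0], self.delete_container_dn, api.env.basedn)
+
 def get_either_dn(self, *keys, **options):
 '''
 Returns the DN of a user
@@ -397,7 +401,7 @@ class user(baseuser):
 dn = active_dn
 except errors.NotFound:
 # Check that this value is a Delete user
- delete_dn = DN(active_dn[0], self.delete_container_dn, api.env.basedn)
+ delete_dn = self.get_delete_dn(*keys, **options)
 try:
 ldap.get_entry(delete_dn, ['dn'])
 
@@ -441,7 +445,14 @@ class user_add(baseuser_add):
 )
 
 def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
- dn = self.obj.get_either_dn(*keys, **options)
+ delete_dn = self.obj.get_delete_dn(*keys, **options)
+ try:
+ ldap.get_entry(delete_dn, [''])
+ except errors.NotFound:
+ pass
+ else:
+ raise self.obj.handle_duplicate_entry(*keys)
+
 if not options.get('noprivate', False):
 try:
 # The Managed Entries plugin will allow a user to be created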
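Review bot: The new lookup in `user_add.pre_callback` treats only `errors.NotFound` as "no preserved user", so the duplicate check is only as reliable as the caller's read access to the delete container. If the directory reports an unreadable entry the same way as a missing one (not visible from this hunk), a principal that may add users but not read preserved ones would pass the check and the add would go ahead; this is worth confirming against the ACIs and recording above the `try:` as `# requires read access to the delete container; an unreadable entry is indistinguishable from NotFound`. The lookup also requests `['']` where `get_either_dn` requests `['dn']` for the same existence test, so one form should be used in both places. `get_delete_dn` has no docstring, unlike its neighbour `get_either_dn`; a one-line `'''Returns the DN the user would have in the delete container'''` would do. The body of `pre_callback` continues past the end of the hunk.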
--
2.7.4