From 6e7474a1db6d49a4b07cd01663ec7f55df5225c4 Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum <npmccallum@redhat.com>
Date: Fri, 24 Oct 2014 16:16:50 -0400
Subject: [PATCH] Ensure users exist when assigning tokens to them

https://fedorahosted.org/freeipa/ticket/4642

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
---
 ipalib/plugins/otptoken.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/ipalib/plugins/otptoken.py b/ipalib/plugins/otptoken.py
index 77366bafe7a102f5d2c048ac3d5f7d9948ed7fe4..f48feeee0502992f1b5fed4f342cace1c404624b 100644
--- a/ipalib/plugins/otptoken.py
+++ b/ipalib/plugins/otptoken.py
@@ -100,8 +100,11 @@ def _convert_owner(userobj, entry_attrs, options):
 
 def _normalize_owner(userobj, entry_attrs):
     owner = entry_attrs.get('ipatokenowner', None)
-    if owner is not None:
-        entry_attrs['ipatokenowner'] = userobj.get_dn(owner)
+    if owner:
+        try:
+            entry_attrs['ipatokenowner'] = userobj._normalize_manager(owner)[0]
+        except NotFound:
+            userobj.handle_not_found(owner)
 
 def _check_interval(not_before, not_after):
     if not_before and not_after:
-- 
2.1.0