IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Raise better error message for permission added to generated tree

Browse Source 
https://fedorahosted.org/freeipa/ticket/4523

Reviewed-By: Thierry bordaz (tbordaz) <tbordaz@redhat.com>
This commit is contained in:
Martin Kosek 2014-10-16 12:40:24 +02:00
parent cf860c7154
commit 061f7ff331
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ipalib/plugins/permission.py
View File

@ -972,7 +972,7 @@ class permission_add(baseldap.LDAPCreate):
def post_callback(self, ldap, dn, entry, *keys, **options): def post_callback(self, ldap, dn, entry, *keys, **options):
try: try:
self.obj.add_aci(entry) self.obj.add_aci(entry)
except Exception: except Exception, e:
# Adding the ACI failed. # Adding the ACI failed.
# We want to be 100% sure the ACI is not there, so try to # We want to be 100% sure the ACI is not there, so try to
# remove it. (This is a no-op if the ACI was not added.) # remove it. (This is a no-op if the ACI was not added.)
@ -988,6 +988,13 @@ class permission_add(baseldap.LDAPCreate):
self.api.Backend['ldap2'].delete_entry(entry) self.api.Backend['ldap2'].delete_entry(entry)
except errors.NotFound: except errors.NotFound:
pass pass
if isinstance(e, errors.NotFound):
# add_aci may raise NotFound if the subtree is only virtual
# like cn=compat,SUFFIX and thus passes the LDAP get entry test
location = DN(entry.single_value['ipapermlocation'])
raise errors.ValidationError(
name='ipapermlocation',
error=_('Cannot store permission ACI to %s') % location)
# Re-raise original exception # Re-raise original exception
raise raise
self.obj.postprocess_result(entry, options) self.obj.postprocess_result(entry, options)