IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Improve user addition to default group in user-add

Browse Source 
On adding new user, user-add tries to make it a member of default
user group. This, however, can raise AlreadyGroupMember when the
user is already member of this group due to automember rule or
default group configured. This patch makes sure AlreadyGroupMember
exception is caught in such cases.

https://fedorahosted.org/freeipa/ticket/3097
This commit is contained in:
Tomas Babej
2012-09-25 06:20:49 -04:00
committed by Martin Kosek
parent 43f4ca710b
commit 0edeb9b01d
2 changed files with 74 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
ipalib/plugins/user.py
View File

@@ -538,7 +538,15 @@ class user_add(LDAPCreate):
# add the user we just created into the default primary group # add the user we just created into the default primary group
def_primary_group = config.get('ipadefaultprimarygroup') def_primary_group = config.get('ipadefaultprimarygroup')
group_dn = self.api.Object['group'].get_dn(def_primary_group) group_dn = self.api.Object['group'].get_dn(def_primary_group)
ldap.add_entry_to_group(dn, group_dn)
# if the user is already a member of default primary group,
# do not raise error
# this can happen if automember rule or default group is set
try:
ldap.add_entry_to_group(dn, group_dn)
except errors.AlreadyGroupMember:
pass
if self.api.env.wait_for_attr: if self.api.env.wait_for_attr:
newentry = wait_for_value(ldap, dn, 'memberOf', def_primary_group) newentry = wait_for_value(ldap, dn, 'memberOf', def_primary_group)
entry_from_entry(entry_attrs, newentry) entry_from_entry(entry_attrs, newentry)

65
tests/test_xmlrpc/test_user_plugin.py
View File

@@ -66,6 +66,7 @@ class test_user(Declarative):
cleanup_commands = [ cleanup_commands = [
('user_del', [user1, user2, renameduser1, admin2], {'continue': True}), ('user_del', [user1, user2, renameduser1, admin2], {'continue': True}),
('group_del', [group1], {}), ('group_del', [group1], {}),
('automember_default_group_remove', [], {'type': u'group'}),
] ]
tests = [ tests = [
@@ -1682,4 +1683,68 @@ class test_user(Declarative):
container=admins_group), container=admins_group),
), ),
dict(
desc='Set default automember group for groups as ipausers',
command=(
'automember_default_group_set', [], dict(
type=u'group',
automemberdefaultgroup=u'ipausers'
)
),
expected=dict(
result=dict(
cn=[u'Group'],
automemberdefaultgroup=[DN(('cn', 'ipausers'), ('cn', 'groups'), ('cn', 'accounts'), api.env.basedn)],
),
value=u'group',
summary=u'Set default (fallback) group for automember "group"',
),
),
dict(
desc='Delete "%s"' % user2,
command=('user_del', [user2], {}),
expected=dict(
result=dict(failed=u''),
summary=u'Deleted user "%s"' % user2,
value=user2,
),
),
dict(
desc='Create %r' % user2,
command=(
'user_add', [user2], dict(givenname=u'Test', sn=u'User2')
),
expected=dict(
value=user2,
summary=u'Added user "tuser2"',
result=dict(
gecos=[u'Test User2'],
givenname=[u'Test'],
homedirectory=[u'/home/tuser2'],
krbprincipalname=[u'tuser2@' + api.env.realm],
has_keytab=False,
has_password=False,
loginshell=[u'/bin/sh'],
objectclass=objectclasses.user,
sn=[u'User2'],
uid=[user2],
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
mail=[u'%s@%s' % (user2, api.env.domain)],
displayname=[u'Test User2'],
cn=[u'Test User2'],
initials=[u'TU'],
ipauniqueid=[fuzzy_uuid],
krbpwdpolicyreference=[DN(('cn', 'global_policy'), ('cn', api.env.realm), ('cn', 'kerberos'),
api.env.basedn)],
mepmanagedentry=[DN(('cn', user2), ('cn', 'groups'), ('cn', 'accounts'),
api.env.basedn)],
memberof_group=[u'ipausers'],
dn=DN(('uid', 'tuser2'), ('cn', 'users'), ('cn', 'accounts'),
api.env.basedn),
),
),
),
] ]