Use LDAP search instead of *group_show to check if a group exists.

https://fedorahosted.org/freeipa/ticket/3706
2025-02-25 18:55:28 -06:00 · 2013-06-25 12:58:37 +00:00 · 2013-06-25 12:58:37 +00:00 · 100f13d95b
commit 100f13d95b
parent ab96ca7831
6 changed files with 15 additions and 9 deletions
--- a/ipalib/plugins/aci.py
+++ b/ipalib/plugins/aci.py
@ -252,7 +252,8 @@ def _make_aci(ldap, current, aciname, kw):
    elif group:
        # Not so friendly with groups. This will raise
        try:
-            entry_attrs = api.Command['group_show'](kw['group'])['result']
+            group_dn = api.Object['group'].get_dn_if_exists(kw['group'])
+            entry_attrs = {'dn': group_dn}
        except errors.NotFound:
            raise errors.NotFound(reason=_("Group '%s' does not exist") % kw['group'])

@ -269,7 +270,7 @@ def _make_aci(ldap, current, aciname, kw):
            a.set_target_attr(kw['attrs'])
        if valid['memberof']:
            try:
-                api.Command['group_show'](kw['memberof'])
+                api.Object['group'].get_dn_if_exists(kw['memberof'])
            except errors.NotFound:
                api.Object['group'].handle_not_found(kw['memberof'])
            groupdn = _group_from_memberof(kw['memberof'])
@ -291,8 +292,8 @@ def _make_aci(ldap, current, aciname, kw):
            a.set_target(target)
        if valid['targetgroup']:
            # Purposely no try here so we'll raise a NotFound
-            entry_attrs = api.Command['group_show'](kw['targetgroup'])['result']
-            target = 'ldap:///%s' % entry_attrs['dn']
+            group_dn = api.Object['group'].get_dn_if_exists(kw['targetgroup'])
+            target = 'ldap:///%s' % group_dn
            a.set_target(target)
        if valid['subtree']:
            # See if the subtree is a full URI
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@ -493,6 +493,11 @@ class LDAPObject(Object):
        assert isinstance(parent_dn, DN)
        return parent_dn

+    def get_dn_if_exists(self, *keys, **kwargs):
+        dn = self.get_dn(*keys, **kwargs)
+        entry = self.backend.get_entry(dn, [''])
+        return entry.dn
+
    def get_primary_key_from_dn(self, dn):
        assert isinstance(dn, DN)
        try:
--- a/ipalib/plugins/config.py
+++ b/ipalib/plugins/config.py
@ -213,7 +213,7 @@ class config_mod(LDAPUpdate):
        if 'ipadefaultprimarygroup' in entry_attrs:
            group=entry_attrs['ipadefaultprimarygroup']
            try:
-                api.Command['group_show'](group)
+                api.Object['group'].get_dn_if_exists(group)
            except errors.NotFound:
                raise errors.NotFound(message=_("The group doesn't exist"))
        kw = {}
--- a/ipalib/plugins/hostgroup.py
+++ b/ipalib/plugins/hostgroup.py
@ -122,7 +122,7 @@ class hostgroup_add(LDAPCreate):
        assert isinstance(dn, DN)
        try:
            # check duplicity with hostgroups first to provide proper error
-            netgroup = api.Command['hostgroup_show'](keys[-1])
+            api.Object['hostgroup'].get_dn_if_exists(keys[-1])
            self.obj.handle_duplicate_entry(*keys)
        except errors.NotFound:
            pass
@ -130,7 +130,7 @@ class hostgroup_add(LDAPCreate):
        try:
            # when enabled, a managed netgroup is created for every hostgroup
            # make sure that the netgroup can be created
-            netgroup = api.Command['netgroup_show'](keys[-1])
+            api.Object['netgroup'].get_dn_if_exists(keys[-1])
            raise errors.DuplicateEntry(message=unicode(_(\
                    u'netgroup with name "%s" already exists. ' \
                    u'Hostgroups and netgroups share a common namespace'\
--- a/ipalib/plugins/netgroup.py
+++ b/ipalib/plugins/netgroup.py
@ -179,7 +179,7 @@ class netgroup_add(LDAPCreate):
            # when enabled, a managed netgroup is created for every hostgroup
            # make sure that we don't create a collision if the plugin is
            # (temporarily) disabled
-            netgroup = api.Command['hostgroup_show'](keys[-1])
+            api.Object['hostgroup'].get_dn_if_exists(keys[-1])
            raise errors.DuplicateEntry(message=unicode(self.msg_collision % keys[-1]))
        except errors.NotFound:
            pass
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@ -451,7 +451,7 @@ class user_add(LDAPCreate):
                # The Managed Entries plugin will allow a user to be created
                # even if a group has a duplicate name. This would leave a user
                # without a private group. Check for both the group and the user.
-                self.api.Command['group_show'](keys[-1])
+                self.api.Object['group'].get_dn_if_exists(keys[-1])
                try:
                    self.api.Command['user_show'](keys[-1])
                    self.obj.handle_duplicate_entry(*keys)