IPA-EPN: Use a helper to retrieve LDAP attributes from an entry

Allow for empty attributes.

Reviewed-By: Francois Cami <fcami@redhat.com>

ipaclient/install/ipa_epn.py

@@ -122,22 +122,30 @@ class EPNUserList:
         """Return len(self)."""
         return len(self._expiring_password_user_dq)
 
+    def get_ldap_attr(self, entry, attr):
+        """Get a single value from a multi-valued attr in a safe way"""
+        return str(entry.get(attr, [""]).pop(0))
+
     def add(self, entry):
         """Parses and appends an LDAP user entry with the uid, cn,
            givenname, sn, krbpasswordexpiration and mail attributes.
         """
         try:
             self._sorted = False
+            if entry.get("mail") is None:
+                logger.error("IPA-EPN: No mail address defined for: %s",
+                             entry.dn)
+                return
             self._expiring_password_user_dq.append(
                 dict(
-                    uid=str(entry["uid"].pop(0)),
+                    uid=self.get_ldap_attr(entry, "uid"),
-                    cn=str(entry["cn"].pop(0)),
+                    cn=self.get_ldap_attr(entry, "cn"),
-                    givenname=str(entry["givenname"].pop(0)),
+                    givenname=self.get_ldap_attr(entry, "givenname"),
-                    sn=str(entry["sn"].pop(0)),
+                    sn=self.get_ldap_attr(entry, "sn"),
-                    krbpasswordexpiration=str(
+                    krbpasswordexpiration=(
-                        entry["krbpasswordexpiration"].pop(0)
+                        self.get_ldap_attr(entry,"krbpasswordexpiration")
                     ),
-                    mail=str(entry["mail"]),
+                    mail=str(entry.get("mail")),
                 )
             )
         except IndexError as e: