IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-27 00:26:33 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix: container owner should be able to add vault

Browse Source 
With recent change in DS (CVE fix), ds is not returging DuplicatedEntry
error in case that user is not permitted by ACI to write, but ACIError instead.

Is safe to ignore ACI error in container, because it will be raised
again later if user has no access to container.

https://fedorahosted.org/freeipa/ticket/6159

Reviewed-By: Martin Basti <mbasti@redhat.com>
This commit is contained in:
Martin Basti 2016-08-18 10:11:25 +02:00
parent b6d5ed139b
commit 6b7d6417d4
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ipaserver/plugins/vault.py
View File

@ -783,7 +783,7 @@ class vault_add_internal(LDAPCreate):
try:
self.obj.create_container(parent_dn, owner_dn)
except errors.DuplicateEntry as e:
except (errors.DuplicateEntry, errors.ACIError):
pass
# vault should be owned by the creator