Require that the default users group exists

Fix some copy-paste errors from the password policy update
2025-02-25 18:55:28 -06:00 · 2007-11-30 13:27:33 -05:00 · 2007-11-30 13:27:33 -05:00 · 8ff9f63d80
commit 8ff9f63d80
parent bac556557d
2 changed files with 21 additions and 10 deletions
--- a/ipa-server/ipa-gui/ipagui/subcontrollers/ipapolicy.py
+++ b/ipa-server/ipa-gui/ipagui/subcontrollers/ipapolicy.py
@ -104,7 +104,7 @@ class IPAPolicyController(IPAController):

            new_ipapolicy = ipa.entity.Entity(orig_ipapolicy_dict)
            new_password = ipa.entity.Entity(orig_password_dict)
-            
+
            if str(new_ipapolicy.ipasearchtimelimit) != str(kw.get('ipasearchtimelimit')):
                policy_modified = True
                new_ipapolicy.setValue('ipasearchtimelimit', kw.get('ipasearchtimelimit'))
@ -158,7 +158,7 @@ class IPAPolicyController(IPAController):
            turbogears.flash("IPA Policy updated")
            raise turbogears.redirect('/ipapolicy/show')
        except ipaerror.IPAError, e:
-            turbogears.flash("Policy update failed: " + str(e) + e.detail[0]['desc'])
+            turbogears.flash("Policy update failed: " + str(e) + "<br/>" + e.detail[0]['desc'])
            return dict(form=ipapolicy_edit_form, ipapolicy=kw,
                        tg_template='ipagui.templates.ipapolicyedit')

--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@ -53,9 +53,9 @@ DefaultGroupContainer = "cn=groups,cn=accounts"
 DefaultServiceContainer = "cn=services,cn=accounts"

 # FIXME: need to check the ipadebug option in ipa.conf
-#logging.basicConfig(level=logging.DEBUG,
-#    format='%(asctime)s %(levelname)s %(message)s',
-#    stream=sys.stderr)
+logging.basicConfig(level=logging.DEBUG,
+    format='%(asctime)s %(levelname)s %(message)s',
+    stream=sys.stderr)

 #
 # Apache runs in multi-process mode so each process will have its own
@ -1380,14 +1380,22 @@ class IPAServer:
        # The LDAP routines want strings, not ints, so convert a few
        # things. Otherwise it sees a string -> int conversion as a change.
        try:
-            newconfig['krbmaxpwdlife'] = str(newconfig.get('krbmaxpwdlife'))
-            newconfig['krbminpwdlife'] = str(newconfig.get('krbminpwdlife'))
-            newconfig['krbpwdmindiffchars'] = str(newconfig.get('krbpwdmindiffchars'))
-            newconfig['krbpwdminlength'] = str(newconfig.get('krbpwdminlength'))
-            newconfig['krbpwdhistorylength'] = str(newconfig.get('krbpwdhistorylength'))
+            newconfig['ipapwdexpadvnotify'] = str(newconfig.get('ipapwdexpadvnotify'))
+            newconfig['ipasearchtimelimit'] = str(newconfig.get('ipasearchtimelimit'))
+            newconfig['ipasearchrecordslimit'] = str(newconfig.get('ipasearchrecordslimit'))
+            newconfig['ipamaxusernamelength'] = str(newconfig.get('ipamaxusernamelength'))
        except KeyError:
            # These should all be there but if not, let things proceed
            pass
+
+        # Ensure that the default group for users exists
+        try:
+            group = self.get_entry_by_cn(newconfig.get('ipadefaultprimarygroup'), None, opts)
+        except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
+            raise
+        except:
+            raise 
+
        return self.update_entry(oldconfig, newconfig, opts)

    def get_password_policy(self, opts=None):
@ -1413,6 +1421,9 @@ class IPAServer:
        except KeyError:
            # These should all be there but if not, let things proceed
            pass
+        except:
+            # Anything else raise an error
+            raise

        return self.update_entry(oldpolicy, newpolicy, opts)