From 8ff9f63d80c9a6a28526a7ddc12d2a2ce8a6cb22 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 30 Nov 2007 13:27:33 -0500
Subject: [PATCH] Require that the default users group exists Fix some
 copy-paste errors from the password policy update

---
 .../ipagui/subcontrollers/ipapolicy.py        |  4 +--
 ipa-server/xmlrpc-server/funcs.py             | 27 +++++++++++++------
 2 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/ipa-server/ipa-gui/ipagui/subcontrollers/ipapolicy.py b/ipa-server/ipa-gui/ipagui/subcontrollers/ipapolicy.py
index 781ca35d4..a82b98888 100644
--- a/ipa-server/ipa-gui/ipagui/subcontrollers/ipapolicy.py
+++ b/ipa-server/ipa-gui/ipagui/subcontrollers/ipapolicy.py
@@ -104,7 +104,7 @@ class IPAPolicyController(IPAController):
 
             new_ipapolicy = ipa.entity.Entity(orig_ipapolicy_dict)
             new_password = ipa.entity.Entity(orig_password_dict)
-            
+
             if str(new_ipapolicy.ipasearchtimelimit) != str(kw.get('ipasearchtimelimit')):
                 policy_modified = True
                 new_ipapolicy.setValue('ipasearchtimelimit', kw.get('ipasearchtimelimit'))
@@ -158,7 +158,7 @@ class IPAPolicyController(IPAController):
             turbogears.flash("IPA Policy updated")
             raise turbogears.redirect('/ipapolicy/show')
         except ipaerror.IPAError, e:
-            turbogears.flash("Policy update failed: " + str(e) + e.detail[0]['desc'])
+            turbogears.flash("Policy update failed: " + str(e) + "<br/>" + e.detail[0]['desc'])
             return dict(form=ipapolicy_edit_form, ipapolicy=kw,
                         tg_template='ipagui.templates.ipapolicyedit')
 
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index 4741da10d..e733bd4af 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -53,9 +53,9 @@ DefaultGroupContainer = "cn=groups,cn=accounts"
 DefaultServiceContainer = "cn=services,cn=accounts"
 
 # FIXME: need to check the ipadebug option in ipa.conf
-#logging.basicConfig(level=logging.DEBUG,
-#    format='%(asctime)s %(levelname)s %(message)s',
-#    stream=sys.stderr)
+logging.basicConfig(level=logging.DEBUG,
+    format='%(asctime)s %(levelname)s %(message)s',
+    stream=sys.stderr)
 
 #
 # Apache runs in multi-process mode so each process will have its own
@@ -1380,14 +1380,22 @@ class IPAServer:
         # The LDAP routines want strings, not ints, so convert a few
         # things. Otherwise it sees a string -> int conversion as a change.
         try:
-            newconfig['krbmaxpwdlife'] = str(newconfig.get('krbmaxpwdlife'))
-            newconfig['krbminpwdlife'] = str(newconfig.get('krbminpwdlife'))
-            newconfig['krbpwdmindiffchars'] = str(newconfig.get('krbpwdmindiffchars'))
-            newconfig['krbpwdminlength'] = str(newconfig.get('krbpwdminlength'))
-            newconfig['krbpwdhistorylength'] = str(newconfig.get('krbpwdhistorylength'))
+            newconfig['ipapwdexpadvnotify'] = str(newconfig.get('ipapwdexpadvnotify'))
+            newconfig['ipasearchtimelimit'] = str(newconfig.get('ipasearchtimelimit'))
+            newconfig['ipasearchrecordslimit'] = str(newconfig.get('ipasearchrecordslimit'))
+            newconfig['ipamaxusernamelength'] = str(newconfig.get('ipamaxusernamelength'))
         except KeyError:
             # These should all be there but if not, let things proceed
             pass
+
+        # Ensure that the default group for users exists
+        try:
+            group = self.get_entry_by_cn(newconfig.get('ipadefaultprimarygroup'), None, opts)
+        except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
+            raise
+        except:
+            raise 
+
         return self.update_entry(oldconfig, newconfig, opts)
 
     def get_password_policy(self, opts=None):
@@ -1413,6 +1421,9 @@ class IPAServer:
         except KeyError:
             # These should all be there but if not, let things proceed
             pass
+        except:
+            # Anything else raise an error
+            raise
 
         return self.update_entry(oldpolicy, newpolicy, opts)