Check for existence of the group when adding a user.

The Managed Entries plugin will allow a user to be added even if a group
of the same name exists. This would leave the user without a private
group.

We need to check for both the user and the group so we can do 1 of 3 things:
- throw an error that the group exists (but not the user)
- throw an error that the user exists (and the group)
- allow the uesr to be added

ticket 567
This commit is contained in:
Rob Crittenden 2010-12-13 09:53:29 -05:00
parent e8157f2628
commit ba8d21f5ae
3 changed files with 58 additions and 0 deletions

View File

@ -1110,6 +1110,21 @@ class ManagedPolicyError(ExecutionError):
errno = 4021
format = _('A managed group cannot have a password policy.')
class ManagedGroupExistsError(ExecutionError):
"""
**4024** Raised when adding a user and its managed group exists
For example:
>>> raise ManagedGroupExistsError(group=u'engineering')
Traceback (most recent call last):
...
ManagedGroupExistsError: Unable to create private group. A group 'engineering' already exists.'
"""
errno = 4024
format = _('Unable to create private group. Group \'%(group)s\' already exists.')
class BuiltinError(ExecutionError):
"""
**4100** Base class for builtin execution errors (*4100 - 4199*).

View File

@ -211,6 +211,18 @@ class user_add(LDAPCreate):
msg_summary = _('Added user "%(value)s"')
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
try:
# The Managed Entries plugin will allow a user to be created
# even if a group has a duplicate name. This would leave a user
# without a private group. Check for both the group and the user.
self.api.Command['group_show'](keys[-1])
try:
self.api.Command['user_show'](keys[-1])
raise errors.DuplicateEntry()
except errors.NotFound:
raise errors.ManagedGroupExistsError(group=keys[-1])
except errors.NotFound:
pass
config = ldap.get_ipa_config()[1]
if 'ipamaxusernamelength' in config:
if len(keys[-1]) > int(config.get('ipamaxusernamelength')[0]):

View File

@ -32,6 +32,7 @@ user_memberof = (u'cn=ipausers,cn=groups,cn=accounts,%s' % api.env.basedn,)
user1=u'tuser1'
user2=u'tuser2'
renameduser1=u'tuser'
group1=u'group1'
invaliduser1=u'+tuser1'
invaliduser2=u'tuser1234567890123456789012345678901234567890'
@ -41,6 +42,7 @@ class test_user(Declarative):
cleanup_commands = [
('user_del', [user1, user2], {}),
('group_del', [group1], {}),
]
tests = [
@ -461,4 +463,33 @@ class test_user(Declarative):
expected=errors.ValidationError(name='uid', error='can be at most 33 characters'),
),
dict(
desc='Create %r' % group1,
command=(
'group_add', [group1], dict(description=u'Test desc')
),
expected=dict(
value=group1,
summary=u'Added group "%s"' % group1,
result=dict(
cn=[group1],
description=[u'Test desc'],
gidnumber=[fuzzy_digits],
objectclass=objectclasses.group + [u'posixgroup'],
ipauniqueid=[fuzzy_uuid],
dn=u'cn=%s,cn=groups,cn=accounts,%s' % (group1, api.env.basedn),
),
),
),
dict(
desc='Try to user %r where the managed group exists' % group1,
command=(
'user_add', [group1], dict(givenname=u'Test', sn=u'User1')
),
expected=errors.ManagedGroupExistsError(group=group1)
),
]