mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 15:40:01 -06:00
Check for existence of the group when adding a user.
The Managed Entries plugin will allow a user to be added even if a group of the same name exists. This would leave the user without a private group. We need to check for both the user and the group so we can do 1 of 3 things: - throw an error that the group exists (but not the user) - throw an error that the user exists (and the group) - allow the uesr to be added ticket 567
This commit is contained in:
parent
e8157f2628
commit
ba8d21f5ae
@ -1110,6 +1110,21 @@ class ManagedPolicyError(ExecutionError):
|
||||
errno = 4021
|
||||
format = _('A managed group cannot have a password policy.')
|
||||
|
||||
class ManagedGroupExistsError(ExecutionError):
|
||||
"""
|
||||
**4024** Raised when adding a user and its managed group exists
|
||||
|
||||
For example:
|
||||
|
||||
>>> raise ManagedGroupExistsError(group=u'engineering')
|
||||
Traceback (most recent call last):
|
||||
...
|
||||
ManagedGroupExistsError: Unable to create private group. A group 'engineering' already exists.'
|
||||
"""
|
||||
|
||||
errno = 4024
|
||||
format = _('Unable to create private group. Group \'%(group)s\' already exists.')
|
||||
|
||||
class BuiltinError(ExecutionError):
|
||||
"""
|
||||
**4100** Base class for builtin execution errors (*4100 - 4199*).
|
||||
|
@ -211,6 +211,18 @@ class user_add(LDAPCreate):
|
||||
msg_summary = _('Added user "%(value)s"')
|
||||
|
||||
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
|
||||
try:
|
||||
# The Managed Entries plugin will allow a user to be created
|
||||
# even if a group has a duplicate name. This would leave a user
|
||||
# without a private group. Check for both the group and the user.
|
||||
self.api.Command['group_show'](keys[-1])
|
||||
try:
|
||||
self.api.Command['user_show'](keys[-1])
|
||||
raise errors.DuplicateEntry()
|
||||
except errors.NotFound:
|
||||
raise errors.ManagedGroupExistsError(group=keys[-1])
|
||||
except errors.NotFound:
|
||||
pass
|
||||
config = ldap.get_ipa_config()[1]
|
||||
if 'ipamaxusernamelength' in config:
|
||||
if len(keys[-1]) > int(config.get('ipamaxusernamelength')[0]):
|
||||
|
@ -32,6 +32,7 @@ user_memberof = (u'cn=ipausers,cn=groups,cn=accounts,%s' % api.env.basedn,)
|
||||
user1=u'tuser1'
|
||||
user2=u'tuser2'
|
||||
renameduser1=u'tuser'
|
||||
group1=u'group1'
|
||||
|
||||
invaliduser1=u'+tuser1'
|
||||
invaliduser2=u'tuser1234567890123456789012345678901234567890'
|
||||
@ -41,6 +42,7 @@ class test_user(Declarative):
|
||||
|
||||
cleanup_commands = [
|
||||
('user_del', [user1, user2], {}),
|
||||
('group_del', [group1], {}),
|
||||
]
|
||||
|
||||
tests = [
|
||||
@ -461,4 +463,33 @@ class test_user(Declarative):
|
||||
expected=errors.ValidationError(name='uid', error='can be at most 33 characters'),
|
||||
),
|
||||
|
||||
dict(
|
||||
desc='Create %r' % group1,
|
||||
command=(
|
||||
'group_add', [group1], dict(description=u'Test desc')
|
||||
),
|
||||
expected=dict(
|
||||
value=group1,
|
||||
summary=u'Added group "%s"' % group1,
|
||||
result=dict(
|
||||
cn=[group1],
|
||||
description=[u'Test desc'],
|
||||
gidnumber=[fuzzy_digits],
|
||||
objectclass=objectclasses.group + [u'posixgroup'],
|
||||
ipauniqueid=[fuzzy_uuid],
|
||||
dn=u'cn=%s,cn=groups,cn=accounts,%s' % (group1, api.env.basedn),
|
||||
),
|
||||
),
|
||||
),
|
||||
|
||||
|
||||
dict(
|
||||
desc='Try to user %r where the managed group exists' % group1,
|
||||
command=(
|
||||
'user_add', [group1], dict(givenname=u'Test', sn=u'User1')
|
||||
),
|
||||
expected=errors.ManagedGroupExistsError(group=group1)
|
||||
),
|
||||
|
||||
|
||||
]
|
||||
|
Loading…
Reference in New Issue
Block a user