diff --git a/ipa-python/ipaerror.py b/ipa-python/ipaerror.py
index 926ad4277..d96ebb1c3 100644
--- a/ipa-python/ipaerror.py
+++ b/ipa-python/ipaerror.py
@@ -237,3 +237,8 @@ STATUS_HAS_NSACCOUNTLOCK = gen_error_code(
 STATUS_CATEGORY,
 0x0003,
 "This entry appears to have the nsAccountLock attribute in it so the Class of Service activation/inactivation will not work. You will need to remove the attribute nsAccountLock for this to work.")
+
+STATUS_NOT_GROUP_MEMBER = gen_error_code(
+ STATUS_CATEGORY,
+ 0x0004,
+ "This entry is not a member of the group.")
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index 17b6092ad..9beb609aa 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -1072,7 +1072,7 @@ class IPAServer:
 group = self.get_entry_by_cn("inactivated", None, opts)
 try:
 self.remove_member_from_group(entry.get('dn'), group.get('dn'), opts)
- except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
+ except ipaerror.exception_for(ipaerror.STATUS_NOT_GROUP_MEMBER):
 # Perhaps the user is there as a result of group membership
 pass
@@ -1431,16 +1431,17 @@ class IPAServer:
 if new_group.get('member') is not None:
 if isinstance(new_group.get('member'),basestring):
 new_group['member'] = [new_group['member']]
+ for i in range(len(new_group['member'])):
+ new_group['member'][i] = ipaserver.ipaldap.IPAdmin.normalizeDN(new_group['member'][i])
 try:
 new_group['member'].remove(member_dn)
 except ValueError:
 # member is not in the group
 # FIXME: raise more specific error?
- raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
+ raise ipaerror.gen_exception(ipaerror.STATUS_NOT_GROUP_MEMBER)
 else:
 # Nothing to do if the group has no members
- # FIXME raise SOMETHING?
- return "Success"
+ raise ipaerror.gen_exception(ipaerror.STATUS_NOT_GROUP_MEMBER)
 try:
 ret = self.__update_entry(old_group, new_group, opts)
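Review bot: In the `@@ -1072,7` hunk the handler no longer catches LDAP_NOT_FOUND, so a missing entry or a missing "inactivated" group now propagates out of this method instead of being ignored, and the existing comment does not say that this is intended. The `pass` also leaves the caller unable to tell that the entry was not a direct member and may still be inactive through another group. I would extend the comment to something like `# Not a direct member of "inactivated" (membership may be indirect); LDAP_NOT_FOUND is deliberately left to propagate`. The enclosing method starts and ends outside the hunk.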
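Review bot: In the `@@ -1431,16` hunk the stored `member` values are normalized before `.remove(member_dn)`, but `member_dn` itself is not normalized in the visible lines; unless that happens earlier in the method (its start is outside the hunk), a DN that differs only in formatting that normalizeDN would fold still raises STATUS_NOT_GROUP_MEMBER and the membership stays in place. I would normalize both sides with the same helper, `member_dn = ipaserver.ipaldap.IPAdmin.normalizeDN(member_dn)` ahead of the `try`, and build the list in one expression: `new_group['member'] = [ipaserver.ipaldap.IPAdmin.normalizeDN(m) for m in new_group['member']]`. Because every value in `new_group` is rewritten, it is worth confirming that `__update_entry` does not treat re-spelled but unchanged members as modifications. The context comment `# FIXME: raise more specific error?` is now stale and can be dropped.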
@@ -1471,6 +1472,9 @@ class IPAServer:
 except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
 # member_dn or the group does not exist
 failed.append(member_dn)
+ except ipaerror.exception_for(ipaerror.STATUS_NOT_GROUP_MEMBER):
+ # not a member of the group
+ failed.append(member_dn)
 return failed
@@ -1605,6 +1609,9 @@ class IPAServer:
 except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
 # User or the group does not exist
 failed.append(group_dn)
+ except ipaerror.exception_for(ipaerror.STATUS_NOT_GROUP_MEMBER):
+ # User is not in the group
+ failed.append(group_dn)
 return failed
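Review bot: The new handler in the `@@ -1471,6` hunk repeats the body of the LDAP_NOT_FOUND handler directly above it, and the `@@ -1605,6` hunk does the same with `group_dn`. If `exception_for` returns an exception class, as its use in `except` suggests, one clause covers both: `except (ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND), ipaerror.exception_for(ipaerror.STATUS_NOT_GROUP_MEMBER)):`. Either way `failed` now mixes "does not exist" with "was not a member", so a caller auditing group changes cannot tell a no-op removal from a missing entry; a comment saying so, or recording the error code alongside the DN, would make that explicit. Both loops start outside their hunks.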