Generalize AD GC search

Modify access methods to AD GC so that callers can specify a custom basedn, filter, scope and attribute list, thus allowing it to perform any LDAP search. Error checking methodology in these functions was changed, so that it rather raises an exception with a desription instead of simply returning a None or False value which would made an investigation why something does not work much more difficult. External membership method in group-add-member command was updated to match this approach. https://fedorahosted.org/freeipa/ticket/2997
2025-02-25 18:55:28 -06:00 · 2013-01-18 17:28:39 +01:00
parent 4c4418fb9e
commit e60e80e2b6
2 changed files with 100 additions and 54 deletions
--- a/ipalib/plugins/group.py
+++ b/ipalib/plugins/group.py
@@ -384,11 +384,12 @@ class group_add_member(LDAPAddMember):
                if domain_validator.is_trusted_sid_valid(sid):
                    sids.append(sid)
                else:
-                    actual_sid = domain_validator.get_sid_trusted_domain_object(sid)
-                    if isinstance(actual_sid, unicode):
-                        sids.append(actual_sid)
+                    try:
+                        actual_sid = domain_validator.get_trusted_domain_object_sid(sid)
+                    except errors.PublicError, e:
+                        failed_sids.append((sid, unicode(e)))
                    else:
-                        failed_sids.append((sid, 'Not a trusted domain SID'))
+                        sids.append(actual_sid)
            if len(sids) == 0:
                raise errors.ValidationError(name=_('external member'),
                                             error=_('values are not recognized as valid SIDs from trusted domain'))