Raise more specific error when an Objectclass Violation occurs Fix the virtual plugin to work with the new backend

2025-02-25 18:55:28 -06:00 · 2009-09-10 16:10:30 -04:00
parent 2c3bca7e74
commit eca7cdc94a
3 changed files with 20 additions and 3 deletions
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -1119,6 +1119,21 @@ class LimitsExceeded(ExecutionError):
    errno = 4204
    format = _('limits exceeded for this query')

+class ObjectclassViolation(ExecutionError):
+    """
+    **4205** Raised when an entry is missing a required attribute or objectclass
+
+    For example:
+
+    >>> raise ObjectclassViolation(info='attribute "krbPrincipalName" not allowed')
+    Traceback (most recent call last):
+      ...
+    ObjectclassViolation: attribute "krbPrincipalName" not allowed
+    """
+
+    errno = 4205
+    format = _('%(info)s')
+

 ##############################################################################
 # 5000 - 5999: Generic errors
--- a/ipalib/plugins/virtual.py
+++ b/ipalib/plugins/virtual.py
@@ -49,7 +49,7 @@ class VirtualCommand(Command):
        if self.operation is None:
            raise errors.ACIError(info='operation not defined')

-        ldap = self.api.Backend.ldap
+        ldap = self.api.Backend.ldap2
        self.log.info("IPA: virtual verify %s" % self.operation)

        operationdn = "cn=%s,%s,%s" % (self.operation, self.api.env.container_virtual, self.api.env.basedn)
@@ -65,9 +65,9 @@ class VirtualCommand(Command):
        except errors.ACIError, e:
            self.log.debug("%s" % str(e))
            raise errors.ACIError(info='not allowed to perform this command')
-        except errors.DatabaseError:
+        except errors.ObjectclassViolation:
            return
        except Exception, e:
            # Something unexpected happened. Log it and deny access to be safe.
-            self.log.info("Virtual verify failed: %s" % str(e))
+            self.log.info("Virtual verify failed: %s %s" % (type(e), str(e)))
            raise errors.ACIError(info='not allowed to perform this command')
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -99,6 +99,8 @@ def _handle_errors(e, **kw):
        # it indicates the previous attribute was removed by another
        # update, making the oldentry stale.
        raise errors.MidairCollision()
+    except _ldap.OBJECT_CLASS_VIOLATION:
+        raise errors.ObjectclassViolation(info=info)
    except _ldap.ADMINLIMIT_EXCEEDED, e:
        raise errors.LimitsExceeded()
    except _ldap.SIZELIMIT_EXCEEDED, e: