authorJan Cholasta <jcholast@redhat.com>2013-06-25 12:58:37 +0000
committerAlexander Bokovoy <abokovoy@redhat.com>2013-07-11 12:39:25 +0300
commit100f13d95b51ab5b8a2a4b7dfb04c5f3b58015d4 (patch)
tree27bf5a35b396177642ccfee3bfe5b210dcdc7c52
parentab96ca7831ad8ab2ee2389093ea8b9327d94d6f0 (diff)
Use LDAP search instead of *group_show to check if a group exists.
https://fedorahosted.org/freeipa/ticket/3706
-rw-r--r--ipalib/plugins/aci.py9
-rw-r--r--ipalib/plugins/baseldap.py5
-rw-r--r--ipalib/plugins/config.py2
-rw-r--r--ipalib/plugins/hostgroup.py4
-rw-r--r--ipalib/plugins/netgroup.py2
-rw-r--r--ipalib/plugins/user.py2
6 files changed, 15 insertions, 9 deletions
diff --git a/ipalib/plugins/aci.py b/ipalib/plugins/aci.py
index dab209e63..a7f85dd36 100644
--- a/ipalib/plugins/aci.py
+++ b/ipalib/plugins/aci.py
@@ -252,7 +252,8 @@ def _make_aci(ldap, current, aciname, kw):
elif group:
# Not so friendly with groups. This will raise
try:
- entry_attrs = api.Command['group_show'](kw['group'])['result']
+ group_dn = api.Object['group'].get_dn_if_exists(kw['group'])
+ entry_attrs = {'dn': group_dn}
except errors.NotFound:
raise errors.NotFound(reason=_("Group '%s' does not exist") % kw['group'])
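Review bot: `entry_attrs = {'dn': group_dn}` wraps the DN in a one-key dict, apparently so that code after this hunk can keep reading `entry_attrs['dn']`, and that hides the fact that no entry attributes are fetched any more. The targetgroup branch later in this commit uses `group_dn` directly; if the code following this hunk (not visible here) reads only the `dn` key, doing the same here would be clearer. The existing comment `# Not so friendly with groups. This will raise` could also say what raises, e.g. `# get_dn_if_exists raises NotFound when the group is missing`. _make_aci starts and ends outside the hunk.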
@@ -269,7 +270,7 @@ def _make_aci(ldap, current, aciname, kw):
a.set_target_attr(kw['attrs'])
if valid['memberof']:
try:
- api.Command['group_show'](kw['memberof'])
+ api.Object['group'].get_dn_if_exists(kw['memberof'])
except errors.NotFound:
api.Object['group'].handle_not_found(kw['memberof'])
groupdn = _group_from_memberof(kw['memberof'])
@@ -291,8 +292,8 @@ def _make_aci(ldap, current, aciname, kw):
a.set_target(target)
if valid['targetgroup']:
# Purposely no try here so we'll raise a NotFound
- entry_attrs = api.Command['group_show'](kw['targetgroup'])['result']
- target = 'ldap:///%s' % entry_attrs['dn']
+ group_dn = api.Object['group'].get_dn_if_exists(kw['targetgroup'])
+ target = 'ldap:///%s' % group_dn
a.set_target(target)
if valid['subtree']:
# See if the subtree is a full URI
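Review bot: The targetgroup branch lets whatever NotFound `get_dn_if_exists` raises propagate unchanged, whereas the memberof branch in the same function catches it and calls `api.Object['group'].handle_not_found(kw['memberof'])`. The exception now comes straight from the backend lookup, so its message may no longer name the group, which makes a rejected ACI target harder to diagnose from the error or the logs. Wrapping the call in the same `try`/`except errors.NotFound` and calling `api.Object['group'].handle_not_found(kw['targetgroup'])` would keep the two branches consistent; the comment `# Purposely no try here so we'll raise a NotFound` would then need updating. The same unguarded pattern appears in user.py at `self.api.Object['group'].get_dn_if_exists(keys[-1])`, where no handler is visible in the hunk.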
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index bb0de989c..13121071d 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -493,6 +493,11 @@ class LDAPObject(Object):
assert isinstance(parent_dn, DN)
return parent_dn
+ def get_dn_if_exists(self, *keys, **kwargs):
+ dn = self.get_dn(*keys, **kwargs)
+ entry = self.backend.get_entry(dn, [''])
+ return entry.dn
+
def get_primary_key_from_dn(self, dn):
assert isinstance(dn, DN)
try:
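Review bot: `get_dn_if_exists` has no docstring, although every call site in this commit depends on its contract: it returns the DN of the stored entry, and the callers expect `errors.NotFound` when the entry is absent. A docstring should state both, and should say that the lookup goes through `self.backend`. If that backend is bound as the calling user, an entry the caller cannot read would presumably look the same as a missing one, and that matters for the duplicate-name and ACI-target checks built on this helper. The attribute list `['']` also needs a why-comment such as `# request no attributes; only existence matters`. If the backend passes the list through to the server unchanged, `'1.1'` is the standard LDAP way to ask for no attributes.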
diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py
index 33eb174ec..b9cf05016 100644
--- a/ipalib/plugins/config.py
+++ b/ipalib/plugins/config.py
@@ -213,7 +213,7 @@ class config_mod(LDAPUpdate):
if 'ipadefaultprimarygroup' in entry_attrs:
group=entry_attrs['ipadefaultprimarygroup']
try:
- api.Command['group_show'](group)
+ api.Object['group'].get_dn_if_exists(group)
except errors.NotFound:
raise errors.NotFound(message=_("The group doesn't exist"))
kw = {}
diff --git a/ipalib/plugins/hostgroup.py b/ipalib/plugins/hostgroup.py
index 9fb102928..bc10994d4 100644
--- a/ipalib/plugins/hostgroup.py
+++ b/ipalib/plugins/hostgroup.py
@@ -122,7 +122,7 @@ class hostgroup_add(LDAPCreate):
assert isinstance(dn, DN)
try:
# check duplicity with hostgroups first to provide proper error
- netgroup = api.Command['hostgroup_show'](keys[-1])
+ api.Object['hostgroup'].get_dn_if_exists(keys[-1])
self.obj.handle_duplicate_entry(*keys)
except errors.NotFound:
pass
@@ -130,7 +130,7 @@ class hostgroup_add(LDAPCreate):
try:
# when enabled, a managed netgroup is created for every hostgroup
# make sure that the netgroup can be created
- netgroup = api.Command['netgroup_show'](keys[-1])
+ api.Object['netgroup'].get_dn_if_exists(keys[-1])
raise errors.DuplicateEntry(message=unicode(_(\
u'netgroup with name "%s" already exists. ' \
u'Hostgroups and netgroups share a common namespace'\
diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py
index a2cf442d8..84bc74981 100644
--- a/ipalib/plugins/netgroup.py
+++ b/ipalib/plugins/netgroup.py
@@ -179,7 +179,7 @@ class netgroup_add(LDAPCreate):
# when enabled, a managed netgroup is created for every hostgroup
# make sure that we don't create a collision if the plugin is
# (temporarily) disabled
- netgroup = api.Command['hostgroup_show'](keys[-1])
+ api.Object['hostgroup'].get_dn_if_exists(keys[-1])
raise errors.DuplicateEntry(message=unicode(self.msg_collision % keys[-1]))
except errors.NotFound:
pass
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 32fda68e8..4fd942109 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -451,7 +451,7 @@ class user_add(LDAPCreate):
# The Managed Entries plugin will allow a user to be created
# even if a group has a duplicate name. This would leave a user
# without a private group. Check for both the group and the user.
- self.api.Command['group_show'](keys[-1])
+ self.api.Object['group'].get_dn_if_exists(keys[-1])
try:
self.api.Command['user_show'](keys[-1])
self.obj.handle_duplicate_entry(*keys)