author | Rob Crittenden <rcritten@redhat.com> | 2010-12-13 09:53:29 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2010-12-13 09:53:29 -0500 |
commit | ba8d21f5ae3d4133032c635dad77127cb72ab1bf (patch) | |
tree | f12e55142e1a796c895a4f6f23249c07f4e47af3 | |
parent | e8157f262835ce7232907a43a8d1dc4d4e6ea10d (diff) | |
Check for existence of the group when adding a user.
The Managed Entries plugin will allow a user to be added even if a group
of the same name exists. This would leave the user without a private
group.
We need to check for both the user and the group so we can do 1 of 3 things:
- throw an error that the group exists (but not the user)
- throw an error that the user exists (and the group)
- allow the user to be added
ticket 567
-rw-r--r-- | ipalib/errors.py | 15 | ||||
-rw-r--r-- | ipalib/plugins/user.py | 12 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_user_plugin.py | 31 |
3 files changed, 58 insertions, 0 deletions
diff --git a/ipalib/errors.py b/ipalib/errors.py
index 49d6343a4..8e119837e 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -1110,6 +1110,21 @@ class ManagedPolicyError(ExecutionError):
 errno = 4021
 format = _('A managed group cannot have a password policy.')
+class ManagedGroupExistsError(ExecutionError):
+ """
+ **4024** Raised when adding a user and its managed group exists
+
+ For example:
+
+ >>> raise ManagedGroupExistsError(group=u'engineering')
+ Traceback (most recent call last):
+ ...
+ ManagedGroupExistsError: Unable to create private group. A group 'engineering' already exists.'
+ """
+
+ errno = 4024
+ format = _('Unable to create private group. Group \'%(group)s\' already exists.')
+
 class BuiltinError(ExecutionError):
 """
 **4100** Base class for builtin execution errors (*4100 - 4199*).
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index c3246f5cd..283c0c416 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -211,6 +211,18 @@ class user_add(LDAPCreate):
 msg_summary = _('Added user "%(value)s"')
 def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
+ try:
+ # The Managed Entries plugin will allow a user to be created
+ # even if a group has a duplicate name. This would leave a user
+ # without a private group. Check for both the group and the user.
+ self.api.Command['group_show'](keys[-1])
+ try:
+ self.api.Command['user_show'](keys[-1])
+ raise errors.DuplicateEntry()
+ except errors.NotFound:
+ raise errors.ManagedGroupExistsError(group=keys[-1])
+ except errors.NotFound:
+ pass
 config = ldap.get_ipa_config()[1]
 if 'ipamaxusernamelength' in config:
 if len(keys[-1]) > int(config.get('ipamaxusernamelength')[0]):
diff --git a/tests/test_xmlrpc/test_user_plugin.py b/tests/test_xmlrpc/test_user_plugin.py
index 9849953ee..18bdc7788 100644
--- a/tests/test_xmlrpc/test_user_plugin.py
+++ b/tests/test_xmlrpc/test_user_plugin.py
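Review bot: The doctest in the `ManagedGroupExistsError` docstring (ipalib/errors.py) does not match the `format` string defined just below it: the example expects `A group 'engineering' already exists.'`, with a stray closing quote, while `format` yields `Group 'engineering' already exists.`. The expected line should read `ManagedGroupExistsError: Unable to create private group. Group 'engineering' already exists.` so that the documented message is the one callers and log readers actually see. If this module's docstrings are run as doctests, the example as written would fail.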
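Review bot: The existence check added at the top of `pre_callback` in ipalib/plugins/user.py is check-then-act: `group_show` and `user_show` are separate lookups made before the entry is created, so a group created in that window would still leave the user without a private group. The check is worth keeping as an early, readable error, but it should be marked as best-effort, e.g. `# Best-effort only: a group added after this lookup is not detected here.` Both lookups also appear to run through the caller's own command context, so a group the caller cannot read would presumably surface as `NotFound` and pass the check; that is worth confirming against the directory's access rules. The block also runs ahead of the `ipamaxusernamelength` check visible in the context lines, so over-long names reach two lookups before being rejected. `pre_callback` continues past the end of the hunk.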
@@ -32,6 +32,7 @@ user_memberof = (u'cn=ipausers,cn=groups,cn=accounts,%s' % api.env.basedn,)
 user1=u'tuser1'
 user2=u'tuser2'
 renameduser1=u'tuser'
+group1=u'group1'
 invaliduser1=u'+tuser1'
 invaliduser2=u'tuser1234567890123456789012345678901234567890'
@@ -41,6 +42,7 @@ class test_user(Declarative):
 cleanup_commands = [
 ('user_del', [user1, user2], {}),
+ ('group_del', [group1], {}),
 ]
 tests = [
@@ -461,4 +463,33 @@ class test_user(Declarative):
 expected=errors.ValidationError(name='uid', error='can be at most 33 characters'),
 ),
+ dict(
+ desc='Create %r' % group1,
+ command=(
+ 'group_add', [group1], dict(description=u'Test desc')
+ ),
+ expected=dict(
+ value=group1,
+ summary=u'Added group "%s"' % group1,
+ result=dict(
+ cn=[group1],
+ description=[u'Test desc'],
+ gidnumber=[fuzzy_digits],
+ objectclass=objectclasses.group + [u'posixgroup'],
+ ipauniqueid=[fuzzy_uuid],
+ dn=u'cn=%s,cn=groups,cn=accounts,%s' % (group1, api.env.basedn),
+ ),
+ ),
+ ),
+
+
+ dict(
+ desc='Try to user %r where the managed group exists' % group1,
+ command=(
+ 'user_add', [group1], dict(givenname=u'Test', sn=u'User1')
+ ),
+ expected=errors.ManagedGroupExistsError(group=group1)
+ ),
+
+
 ] |
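Review bot: In tests/test_xmlrpc/test_user_plugin.py the new negative case runs `user_add` with `group1` as the login, but `cleanup_commands` only gains `('group_del', [group1], {})`; if the check ever regresses and the add succeeds, a user named `group1` is left behind for later runs. Extending the existing entry to `('user_del', [user1, user2, group1], {}),` keeps the fixture self-cleaning, assuming cleanup tolerates a missing entry. The description string `'Try to user %r where the managed group exists'` is missing a verb and should read `'Try to create user %r where the managed group exists'`. Only the `ManagedGroupExistsError` branch is exercised by the added cases; the `DuplicateEntry` branch may be covered by tests outside this diff.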