diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2008-03-31 11:36:13 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2008-03-31 11:36:13 -0400 |
| commit | 58cfc7ab6861f47a85c8d275579a773a0fd79ea0 (patch) | |
| tree | e667292d8361be8362c0f224fb73ebf4f5230b59 /ipa-server/ipa-gui | |
| parent | 1737dbb17431f0ea8f8203eb0aeafc474bd35520 (diff) | |
| download | freeipa-58cfc7ab6861f47a85c8d275579a773a0fd79ea0.tar.gz freeipa-58cfc7ab6861f47a85c8d275579a773a0fd79ea0.tar.xz freeipa-58cfc7ab6861f47a85c8d275579a773a0fd79ea0.zip | |
Fix account activation.
We do account activation by using a Class of Service based on group
membership. A problem can happen if the entry itself has an nsaccountlock
attribute and you try doing Class of Service work as well because the
local attribute has priority. So try to detect that the entry has a local
nsAccountLock attribute and report an appropriate error.
Don't allow the admins or editors groups to be de-activated.
Return a better error message if account [in]activation fails.
Catch errors when doing group [in]activation.
439230
Diffstat (limited to 'ipa-server/ipa-gui')
| -rw-r--r-- | ipa-server/ipa-gui/ipagui/subcontrollers/group.py | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/ipa-server/ipa-gui/ipagui/subcontrollers/group.py b/ipa-server/ipa-gui/ipagui/subcontrollers/group.py index eac5cb0bd..6196d13dc 100644 --- a/ipa-server/ipa-gui/ipagui/subcontrollers/group.py +++ b/ipa-server/ipa-gui/ipagui/subcontrollers/group.py @@ -315,12 +315,17 @@ class GroupController(IPAController): kw['nsAccountLock'] = "false" modify_no_update = False - if kw.get('nsAccountLock') == "false" and new_group.getValues('nsaccountlock') == "true": - client.mark_group_active(kw.get('cn')) - modify_no_update = True - elif kw.get('nsAccountLock') == "true" and new_group.nsaccountlock != "true": - client.mark_group_inactive(kw.get('cn')) - modify_no_update = True + try: + if kw.get('nsAccountLock') == "false" and new_group.getValues('nsaccountlock') == "true": + client.mark_group_active(kw.get('cn')) + modify_no_update = True + elif kw.get('nsAccountLock') == "true" and new_group.nsaccountlock != "true": + client.mark_group_inactive(kw.get('cn')) + modify_no_update = True + except ipaerror.IPAError, e: + turbogears.flash("Group status change failed: " + str(e) + "<br/>" + e.detail[0].get('desc','') + ". " + e.detail[0].get('info','')) + return dict(form=group_edit_form, group=kw, members=member_dicts, + tg_template='ipagui.templates.groupedit') # # Add members |