diff options
author | Jan Cholasta <jcholast@redhat.com> | 2013-06-25 12:58:37 +0000 |
---|---|---|
committer | Alexander Bokovoy <abokovoy@redhat.com> | 2013-07-11 12:39:25 +0300 |
commit | 100f13d95b51ab5b8a2a4b7dfb04c5f3b58015d4 (patch) | |
tree | 27bf5a35b396177642ccfee3bfe5b210dcdc7c52 /ipalib/plugins/aci.py | |
parent | ab96ca7831ad8ab2ee2389093ea8b9327d94d6f0 (diff) | |
download | freeipa-100f13d95b51ab5b8a2a4b7dfb04c5f3b58015d4.tar.gz freeipa-100f13d95b51ab5b8a2a4b7dfb04c5f3b58015d4.tar.xz freeipa-100f13d95b51ab5b8a2a4b7dfb04c5f3b58015d4.zip |
Use LDAP search instead of *group_show to check if a group exists.
https://fedorahosted.org/freeipa/ticket/3706
Diffstat (limited to 'ipalib/plugins/aci.py')
-rw-r--r-- | ipalib/plugins/aci.py | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/ipalib/plugins/aci.py b/ipalib/plugins/aci.py index dab209e63..a7f85dd36 100644 --- a/ipalib/plugins/aci.py +++ b/ipalib/plugins/aci.py @@ -252,7 +252,8 @@ def _make_aci(ldap, current, aciname, kw): elif group: # Not so friendly with groups. This will raise try: - entry_attrs = api.Command['group_show'](kw['group'])['result'] + group_dn = api.Object['group'].get_dn_if_exists(kw['group']) + entry_attrs = {'dn': group_dn} except errors.NotFound: raise errors.NotFound(reason=_("Group '%s' does not exist") % kw['group']) @@ -269,7 +270,7 @@ def _make_aci(ldap, current, aciname, kw): a.set_target_attr(kw['attrs']) if valid['memberof']: try: - api.Command['group_show'](kw['memberof']) + api.Object['group'].get_dn_if_exists(kw['memberof']) except errors.NotFound: api.Object['group'].handle_not_found(kw['memberof']) groupdn = _group_from_memberof(kw['memberof']) @@ -291,8 +292,8 @@ def _make_aci(ldap, current, aciname, kw): a.set_target(target) if valid['targetgroup']: # Purposely no try here so we'll raise a NotFound - entry_attrs = api.Command['group_show'](kw['targetgroup'])['result'] - target = 'ldap:///%s' % entry_attrs['dn'] + group_dn = api.Object['group'].get_dn_if_exists(kw['targetgroup']) + target = 'ldap:///%s' % group_dn a.set_target(target) if valid['subtree']: # See if the subtree is a full URI |