Check for existence of the group when adding a user.

The Managed Entries plugin will allow a user to be added even if a group
of the same name exists. This would leave the user without a private
group.

We need to check for both the user and the group so we can do 1 of 3 things:
- throw an error that the group exists (but not the user)
- throw an error that the user exists (and the group)
- allow the uesr to be added

ticket 567

1 files changed, 12 insertions, 0 deletions

diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index c3246f5cd..283c0c416 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -211,6 +211,18 @@ class user_add(LDAPCreate):
     msg_summary = _('Added user "%(value)s"')
 
     def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
+        try:
+            # The Managed Entries plugin will allow a user to be created
+            # even if a group has a duplicate name. This would leave a user
+            # without a private group. Check for both the group and the user.
+            self.api.Command['group_show'](keys[-1])
+            try:
+                self.api.Command['user_show'](keys[-1])
+                raise errors.DuplicateEntry()
+            except errors.NotFound:
+                raise errors.ManagedGroupExistsError(group=keys[-1])
+        except errors.NotFound:
+            pass
         config = ldap.get_ipa_config()[1]
         if 'ipamaxusernamelength' in config:
             if len(keys[-1]) > int(config.get('ipamaxusernamelength')[0]):