summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins
diff options
context:
space:
mode:
authorMartin Kosek <mkosek@redhat.com>2013-01-18 17:28:39 +0100
committerMartin Kosek <mkosek@redhat.com>2013-02-14 08:38:11 +0100
commite60e80e2b6710e581e417d9e7e05cea21ba9f6b0 (patch)
tree828e6b7d2142ca73a59bd747ed3db7db55511883 /ipalib/plugins
parent4c4418fb9e9c2cf4fff8dec59b6d8fcdb05ea706 (diff)
downloadfreeipa-e60e80e2b6710e581e417d9e7e05cea21ba9f6b0.tar.gz
freeipa-e60e80e2b6710e581e417d9e7e05cea21ba9f6b0.tar.xz
freeipa-e60e80e2b6710e581e417d9e7e05cea21ba9f6b0.zip
Generalize AD GC search
Modify access methods to AD GC so that callers can specify a custom basedn, filter, scope and attribute list, thus allowing it to perform any LDAP search. Error checking methodology in these functions was changed, so that it rather raises an exception with a desription instead of simply returning a None or False value which would made an investigation why something does not work much more difficult. External membership method in group-add-member command was updated to match this approach. https://fedorahosted.org/freeipa/ticket/2997
Diffstat (limited to 'ipalib/plugins')
-rw-r--r--ipalib/plugins/group.py9
1 files changed, 5 insertions, 4 deletions
diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py
index f86b134e6..347a7ee9f 100644
--- a/ipalib/plugins/group.py
+++ b/ipalib/plugins/group.py
@@ -384,11 +384,12 @@ class group_add_member(LDAPAddMember):
if domain_validator.is_trusted_sid_valid(sid):
sids.append(sid)
else:
- actual_sid = domain_validator.get_sid_trusted_domain_object(sid)
- if isinstance(actual_sid, unicode):
- sids.append(actual_sid)
+ try:
+ actual_sid = domain_validator.get_trusted_domain_object_sid(sid)
+ except errors.PublicError, e:
+ failed_sids.append((sid, unicode(e)))
else:
- failed_sids.append((sid, 'Not a trusted domain SID'))
+ sids.append(actual_sid)
if len(sids) == 0:
raise errors.ValidationError(name=_('external member'),
error=_('values are not recognized as valid SIDs from trusted domain'))