Raise an error on bad principals instead of printing one when changing passwords

Fix logic in determining what to do with an incoming principal

2 files changed, 11 insertions, 7 deletions

diff --git a/ipalib/errors.py b/ipalib/errors.py
index 989721be4..724654ff2 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -413,6 +413,10 @@ class InsufficientAccess(GenericError):
     """You do not have permission to perform this task"""
     faultCode = 1027
 
+class InvalidUserPrincipal(GenericError):
+    """Invalid user principal"""
+    faultCode = 1028
+
 class FunctionDeprecated(GenericError):
     """Raised by a deprecated function"""
     faultCode = 2000
diff --git a/ipalib/plugins/f_passwd.py b/ipalib/plugins/f_passwd.py
index edc13b633..c82cd4550 100644
--- a/ipalib/plugins/f_passwd.py
+++ b/ipalib/plugins/f_passwd.py
@@ -52,14 +52,14 @@ class passwd(frontend.Command):
         :param param uid: The login name of the user being updated.
         :param kw: Not used.
         """
-        if principal.find('@') < 0:
+        import pdb
+        pdb.set_trace()
+        if principal.find('@') > 0:
             u = principal.split('@')
-            if len(u) > 2 or len(u) == 0:
-                print "Invalid user name (%s)" % principal
-            if len(u) == 1:
-                principal = principal+"@"+self.api.env.realm
-            else:
-                principal = principal
+            if len(u) > 2:
+                raise errors.InvalidUserPrincipal, principal
+        else:
+            principal = principal+"@"+self.api.env.realm
         dn = self.Backend.ldap.find_entry_dn(
             "krbprincipalname",
             principal,