author Martin Kosek <mkosek@redhat.com> 2013-01-18 17:28:39 +0100
committer Martin Kosek <mkosek@redhat.com> 2013-02-14 08:38:11 +0100
commit e60e80e2b6710e581e417d9e7e05cea21ba9f6b0 (patch)
tree 828e6b7d2142ca73a59bd747ed3db7db55511883 /ipalib
parent 4c4418fb9e9c2cf4fff8dec59b6d8fcdb05ea706 (diff)
Generalize AD GC search
Modify access methods to AD GC so that callers can specify a custom basedn, filter, scope and attribute list, thus allowing it to perform any LDAP search. Error checking methodology in these functions was changed, so that it rather raises an exception with a description instead of simply returning a None or False value, which would make an investigation of why something does not work much more difficult. External membership method in group-add-member command was updated to match this approach.
https://fedorahosted.org/freeipa/ticket/2997
Diffstat (limited to 'ipalib')
-rw-r--r-- ipalib/plugins/group.py 9
1 files changed, 5 insertions, 4 deletions
diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py
index f86b134e6..347a7ee9f 100644
--- a/ipalib/plugins/group.py
+++ b/ipalib/plugins/group.py
@@ -384,11 +384,12 @@ class group_add_member(LDAPAddMember):
if domain_validator.is_trusted_sid_valid(sid):
sids.append(sid)
else:
- actual_sid = domain_validator.get_sid_trusted_domain_object(sid)
- if isinstance(actual_sid, unicode):
- sids.append(actual_sid)
+ try:
+ actual_sid = domain_validator.get_trusted_domain_object_sid(sid)
+ except errors.PublicError, e:
+ failed_sids.append((sid, unicode(e)))
else:
- failed_sids.append((sid, 'Not a trusted domain SID'))
+ sids.append(actual_sid)
if len(sids) == 0:
raise errors.ValidationError(name=_('external member'),
error=_('values are not recognized as valid SIDs from trusted domain'))
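Review bot: In the `else:` branch of the new `try`, `sids.append(actual_sid)` accepts whatever `get_trusted_domain_object_sid(sid)` returns, where the removed code appended only when `isinstance(actual_sid, unicode)` held. That is safe only if every failure path in the renamed method raises `errors.PublicError`; a remaining `return None` would put `None` into `sids` and pass the `len(sids) == 0` check that follows. Please confirm that contract (ideally state it in the method's docstring) or keep a type guard before the append. Two smaller points on the handler: an exception that is not a `PublicError` now propagates out of this block instead of being recorded in `failed_sids`, so it is worth deciding whether that is intended for lookup failures against the trusted domain, and `except errors.PublicError, e:` could be written `except errors.PublicError as e:`, which Python 2.6 and later accept.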