-rw-r--r--ipalib/errors.py15
-rw-r--r--ipalib/plugins/virtual.py6
-rw-r--r--ipaserver/plugins/ldap2.py2
3 files changed, 20 insertions, 3 deletions
diff --git a/ipalib/errors.py b/ipalib/errors.py
index ad5f584f1..cec80fb47 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -1119,6 +1119,21 @@ class LimitsExceeded(ExecutionError):
errno = 4204
format = _('limits exceeded for this query')
+class ObjectclassViolation(ExecutionError):
+ """
+ **4205** Raised when an entry is missing a required attribute or objectclass
+
+ For example:
+
+ >>> raise ObjectclassViolation(info='attribute "krbPrincipalName" not allowed')
+ Traceback (most recent call last):
+ ...
+ ObjectclassViolation: attribute "krbPrincipalName" not allowed
+ """
+
+ errno = 4205
+ format = _('%(info)s')
+
##############################################################################
# 5000 - 5999: Generic errors
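Review bot: The docstring summary on `ObjectclassViolation` covers only a missing required attribute or objectclass, while its own doctest shows the opposite case, an attribute that is not allowed. A wording that covers both would be `Raised when an entry violates its objectclass schema (required attribute missing, or attribute not allowed)`. Because `format = _('%(info)s')` emits `info` unchanged, the docstring should also say that `info` carries the directory server's own message (the ldap2.py hunk of this commit passes it through), so callers know that text is what the client sees.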
diff --git a/ipalib/plugins/virtual.py b/ipalib/plugins/virtual.py
index a1dfbdf68..d21a58f12 100644
--- a/ipalib/plugins/virtual.py
+++ b/ipalib/plugins/virtual.py
@@ -49,7 +49,7 @@ class VirtualCommand(Command):
if self.operation is None:
raise errors.ACIError(info='operation not defined')
- ldap = self.api.Backend.ldap
+ ldap = self.api.Backend.ldap2
self.log.info("IPA: virtual verify %s" % self.operation)
operationdn = "cn=%s,%s,%s" % (self.operation, self.api.env.container_virtual, self.api.env.basedn)
@@ -65,9 +65,9 @@ class VirtualCommand(Command):
except errors.ACIError, e:
self.log.debug("%s" % str(e))
raise errors.ACIError(info='not allowed to perform this command')
- except errors.DatabaseError:
+ except errors.ObjectclassViolation:
return
except Exception, e:
# Something unexpected happened. Log it and deny access to be safe.
- self.log.info("Virtual verify failed: %s" % str(e))
+ self.log.info("Virtual verify failed: %s %s" % (type(e), str(e)))
raise errors.ACIError(info='not allowed to perform this command')
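Review bot: The bare `return` under `except errors.ObjectclassViolation:` is the allow path of this access check, and nothing on the new side explains why a schema error means the caller is authorised. A comment above the `return` would make that decision reviewable, for example `# ACIs permitted the probe write and only schema validation rejected it, so access is granted`. The `try` body starts outside the hunk, so this assumes the check works by attempting a write; if so, it also depends on the directory server evaluating access control before schema checking, which is worth stating in the same comment. Narrowing the clause from `DatabaseError` is a sound tightening, since other database failures now reach the deny branch below.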
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 639552b26..c854dac28 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -99,6 +99,8 @@ def _handle_errors(e, **kw):
# it indicates the previous attribute was removed by another
# update, making the oldentry stale.
raise errors.MidairCollision()
+ except _ldap.OBJECT_CLASS_VIOLATION:
+ raise errors.ObjectclassViolation(info=info)
except _ldap.ADMINLIMIT_EXCEEDED, e:
raise errors.LimitsExceeded()
except _ldap.SIZELIMIT_EXCEEDED, e:
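Review bot: The new `except _ldap.OBJECT_CLASS_VIOLATION:` clause changes which exception ldap2 callers receive for this failure, and virtual.py is the only caller updated in this commit. Judging by the `except errors.DatabaseError:` replaced in virtual.py, the error presumably surfaced as `DatabaseError` before, so any other call site that catches `DatabaseError` to handle schema failures would now miss it and should be checked. `info` is assigned outside the hunk; if it can be empty, `ObjectclassViolation` renders as an empty message because its format is only `%(info)s`, so a fallback such as `info=info or 'object class violation'` may be worth adding.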