2 files changed, 27 insertions, 0 deletions

diff --git a/ipalib/errors.py b/ipalib/errors.py
index 49d6343a4..8e119837e 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -1110,6 +1110,21 @@ class ManagedPolicyError(ExecutionError):
     errno = 4021
     format = _('A managed group cannot have a password policy.')
 
+class ManagedGroupExistsError(ExecutionError):
+    """
+    **4024** Raised when adding a user and its managed group exists
+
+    For example:
+
+    >>> raise ManagedGroupExistsError(group=u'engineering')
+    Traceback (most recent call last):
+      ...
+    ManagedGroupExistsError: Unable to create private group. A group 'engineering' already exists.'
+    """
+
+    errno = 4024
+    format = _('Unable to create private group. Group \'%(group)s\' already exists.')
+
 class BuiltinError(ExecutionError):
     """
     **4100** Base class for builtin execution errors (*4100 - 4199*).
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index c3246f5cd..283c0c416 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -211,6 +211,18 @@ class user_add(LDAPCreate):
     msg_summary = _('Added user "%(value)s"')
 
     def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
+        try:
+            # The Managed Entries plugin will allow a user to be created
+            # even if a group has a duplicate name. This would leave a user
+            # without a private group. Check for both the group and the user.
+            self.api.Command['group_show'](keys[-1])
+            try:
+                self.api.Command['user_show'](keys[-1])
+                raise errors.DuplicateEntry()
+            except errors.NotFound:
+                raise errors.ManagedGroupExistsError(group=keys[-1])
+        except errors.NotFound:
+            pass
         config = ldap.get_ipa_config()[1]
         if 'ipamaxusernamelength' in config:
             if len(keys[-1]) > int(config.get('ipamaxusernamelength')[0]):