From 19049d1a64d55921980103cbb3ce36d40fc9ffff Mon Sep 17 00:00:00 2001
From: Jan Zeleny <jzeleny@redhat.com>
Date: Mon, 6 Dec 2010 17:08:10 +0100
Subject: Check if the group exists

When setting default group, we should check if the group exists.
If not, it could lead to some issues with adding new users after
the new default group is set.

https://fedorahosted.org/freeipa/ticket/504
---
 ipalib/plugins/config.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py
index 482b06bf8..79db77e98 100644
--- a/ipalib/plugins/config.py
+++ b/ipalib/plugins/config.py
@@ -149,6 +149,12 @@ class config_mod(LDAPUpdate):
                 entry_attrs['ipamigrationenabled'] = 'TRUE'
             else:
                 entry_attrs['ipamigrationenabled'] = 'FALSE'
+        if 'ipadefaultprimarygroup' in entry_attrs:
+            group=entry_attrs['ipadefaultprimarygroup']
+            try:
+                api.Command['group_show'](group)
+            except errors.NotFound:
+                raise errors.NotFound(message=unicode("The group doesn't exist"))
         return dn
 
 api.register(config_mod)
-- 
cgit