From eca7cdc94a8377237533259755a19b75c313bd99 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Thu, 10 Sep 2009 16:10:30 -0400
Subject: Raise more specific error when an Objectclass Violation occurs Fix the virtual plugin to work with the new backend
---
 ipalib/errors.py | 15 +++++++++++++++
 ipalib/plugins/virtual.py | 6 +++---
 ipaserver/plugins/ldap2.py | 2 ++
 3 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/ipalib/errors.py b/ipalib/errors.py
index ad5f584f1..cec80fb47 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -1119,6 +1119,21 @@ class LimitsExceeded(ExecutionError):
 errno = 4204
 format = _('limits exceeded for this query')
+class ObjectclassViolation(ExecutionError):
+ """
+ **4205** Raised when an entry is missing a required attribute or objectclass
+
+ For example:
+
+ >>> raise ObjectclassViolation(info='attribute "krbPrincipalName" not allowed')
+ Traceback (most recent call last):
+ ...
+ ObjectclassViolation: attribute "krbPrincipalName" not allowed
+ """
+
+ errno = 4205
+ format = _('%(info)s')
+
 ##############################################################################
 # 5000 - 5999: Generic errors
diff --git a/ipalib/plugins/virtual.py b/ipalib/plugins/virtual.py
index a1dfbdf68..d21a58f12 100644
--- a/ipalib/plugins/virtual.py
+++ b/ipalib/plugins/virtual.py
@@ -49,7 +49,7 @@ class VirtualCommand(Command):
 if self.operation is None:
 raise errors.ACIError(info='operation not defined')
- ldap = self.api.Backend.ldap
+ ldap = self.api.Backend.ldap2
 self.log.info("IPA: virtual verify %s" % self.operation)
 operationdn = "cn=%s,%s,%s" % (self.operation, self.api.env.container_virtual, self.api.env.basedn)
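Review bot: The docstring on `ObjectclassViolation` in ipalib/errors.py says the error is raised when an entry is missing a required attribute or objectclass, but its own doctest shows `attribute "krbPrincipalName" not allowed`, which is the other kind of violation (an attribute the entry's objectclasses do not permit). I would word the summary as `**4205** Raised when an entry violates its objectclass schema (required attribute missing, or attribute not allowed)`. Separately, `format = _('%(info)s')` relays whatever diagnostic text accompanies the error straight to the caller, so it deserves a comment such as `# message is the directory server's own diagnostic text, passed through unchanged` so that the schema detail reaching clients is a recorded decision. The `_()` wrapper around a bare placeholder also gives translators nothing to translate.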
@@ -65,9 +65,9 @@ class VirtualCommand(Command):
 except errors.ACIError, e:
 self.log.debug("%s" % str(e))
 raise errors.ACIError(info='not allowed to perform this command')
- except errors.DatabaseError:
+ except errors.ObjectclassViolation:
 return
 except Exception, e:
 # Something unexpected happened. Log it and deny access to be safe.
- self.log.info("Virtual verify failed: %s" % str(e))
+ self.log.info("Virtual verify failed: %s %s" % (type(e), str(e)))
 raise errors.ACIError(info='not allowed to perform this command')
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 639552b26..c854dac28 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -99,6 +99,8 @@ def _handle_errors(e, **kw):
 # it indicates the previous attribute was removed by another
 # update, making the oldentry stale.
 raise errors.MidairCollision()
+ except _ldap.OBJECT_CLASS_VIOLATION:
+ raise errors.ObjectclassViolation(info=info)
 except _ldap.ADMINLIMIT_EXCEEDED, e:
 raise errors.LimitsExceeded()
 except _ldap.SIZELIMIT_EXCEEDED, e:
-- cgit
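Review bot: In the second ipalib/plugins/virtual.py hunk, `except errors.ObjectclassViolation: return` is the grant path of an access check, yet nothing on it says so. As far as the hunk shows, a schema violation is read as proof that the directory let the operation past its ACIs, which holds only if the server evaluates access control before schema checking. A comment such as `# ACIs permitted the operation and only the schema rejected it, so access is granted` would record that assumption next to the `return`. Narrowing the handler from `DatabaseError` is a sound fail-closed change, since any other database error now falls through to the deny branch. The `try` starts above the hunk, so the no-exception outcome is not visible here.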
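Review bot: The new `except _ldap.OBJECT_CLASS_VIOLATION` branch in `_handle_errors` (ipaserver/plugins/ldap2.py) passes `info` into the error, but `info` is bound above the hunk, so it should be confirmed that it is set on every path that reaches this branch. Because the format of `ObjectclassViolation` is only `%(info)s`, an empty `info` would presumably give the client a blank error message; a fallback such as `raise errors.ObjectclassViolation(info=info or 'object class violation')` avoids that. The function starts and ends outside the hunk.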