From b241e828a9b47a6c706a3ac8378fd6e57b8202fb Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Thu, 23 Feb 2012 17:25:53 -0500
Subject: Catch public exceptions when creating the LDAP context in WSGI.

Made specifically for the case where S4U2Proxy delegation fails.

https://fedorahosted.org/freeipa/ticket/2414
---
 ipaserver/plugins/ldap2.py | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'ipaserver/plugins/ldap2.py')

diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 0a76670d9..ffe2fba8a 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -241,6 +241,9 @@ def _handle_errors(e, **kw):
     except _ldap.SUCCESS:
         pass
     except _ldap.LDAPError, e:
+        if 'NOT_ALLOWED_TO_DELEGATE' in info:
+            raise errors.ACIError(info="KDC returned NOT_ALLOWED_TO_DELEGATE")
+        root_logger.info('Unhandled LDAPError: %s' % str(e))
         raise errors.DatabaseError(desc=desc, info=info)
 
 
-- 
cgit