author | Martin Nagy <mnagy@redhat.com> | 2008-09-10 13:41:57 +0200 |
---|---|---|
committer | Martin Nagy <mnagy@redhat.com> | 2008-09-11 23:39:28 +0200 |
commit | f33c57e6f811f97dfe7867420d97ec90a545c1ca (patch) | |
tree | 203659cd5ea4aef98f5083f67f1fc58fb85bc1f6 | |
parent | fa019e932d2557b49e3dc1c29a0704fa8076086b (diff) | |
download | freeipa-f33c57e6f811f97dfe7867420d97ec90a545c1ca.tar.gz freeipa-f33c57e6f811f97dfe7867420d97ec90a545c1ca.tar.xz freeipa-f33c57e6f811f97dfe7867420d97ec90a545c1ca.zip |
Fix the -G option of ipa-adduser. Don't add the user if one of the groups doesn't exist. Fixes: 459801
-rw-r--r-- | ipa-admintools/ipa-adduser | 39 |
1 files changed, 28 insertions, 11 deletions
diff --git a/ipa-admintools/ipa-adduser b/ipa-admintools/ipa-adduser
index c3c5909f..cf1f4324 100644
--- a/ipa-admintools/ipa-adduser
+++ b/ipa-admintools/ipa-adduser
@@ -218,8 +218,24 @@ def main():
 user.setValue(attr, value)
 client = ipaclient.IPAClient(verbose=options.verbose)
+
+ # get group dns and verify they exist
+ groups_to_add = []
+ if groups:
+ for group in groups.split(','):
+ group_dn = get_group_dn(client, group)
+ if not group_dn:
+ print "group %s doesn't exist" % group
+ return 1
+ groups_to_add.append(group_dn)
+
+ # add the user
 client.add_user(user)
+ # add the user to all the groups
+ for group in groups_to_add:
+ client.add_user_to_group(username, group)
+
 # Set the User's password
 if password is not None:
 try:
@@ -229,20 +245,21 @@ def main():
 print "%s" % (e.message)
 return 1
- # Add to any groups
- if groups:
- add_groups = groups.split(',')
- for g in add_groups:
- if g:
- try:
- client.add_user_to_group(username, g)
- print "%s added to group %s" % (username, g)
- except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_NOT_FOUND):
- print "group %s doesn't exist, skipping" % g
-
 print username + " successfully added"
 return 0
+def get_group_dn(client, group_name):
+ if not group_name:
+ return None
+
+ found = client.find_groups(group_name)
+ if len(found) < 2:
+ return None
+ for group in found[1:]:
+ if group.cn == group_name:
+ return group.dn
+ return None
+
 try:
 if __name__ == "__main__":
 sys.exit(main()) |
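Review bot: The new loop around `client.add_user_to_group(username, group)` has no exception handling, and it runs after `client.add_user(user)` but before the password block. The pre-check narrows the window without closing it: if a group disappears or the call fails in between, the exception propagates out of main() with the account already created, only some memberships applied and no password set, whereas the removed code at least caught LDAP_NOT_FOUND. Catching the error per group, reporting it and continuing lets the password step still run. Separately, an empty entry in the -G list (a trailing comma, for instance) now aborts with "group  doesn't exist", where the old loop skipped it via `if g:`. main() starts and ends outside the hunk.

```python
# add the user to all the groups
for group in groups_to_add:
    try:
        client.add_user_to_group(username, group)
    except ipa.ipaerror.exception_for(ipa.ipaerror.LDAP_NOT_FOUND):
        # the group vanished after the pre-check; report it and keep
        # going so the password below is still set
        print "group %s no longer exists, user not added to it" % group
# … unchanged: password handling …
```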
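Review bot: `get_group_dn` compares `group.cn == group_name` case-sensitively, while LDAP normally matches cn without regard to case, so `-G Admins` can be rejected as nonexistent for a group stored as `admins`. A case-folded comparison such as `if group.cn.lower() == group_name.lower():` would agree with the directory, assuming cn is a single string here. The function also lacks a docstring, and `found[1:]` silently skips the first element of the find_groups result; a comment such as `# found[0] is presumably the result counter, entries start at index 1` would record that once confirmed. If find_groups can return a truncated result set, an existing group could be missed, which is worth confirming because this lookup now decides whether the user is created at all.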