summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2009-09-10 16:10:30 -0400
committerRob Crittenden <rcritten@redhat.com>2009-09-14 09:46:39 -0400
commiteca7cdc94a8377237533259755a19b75c313bd99 (patch)
treee055c6ac84f3ada3254837e084a0c77d73e06a6f
parent2c3bca7e7435cf8c24f8af12cd4572830084004c (diff)
downloadfreeipa-eca7cdc94a8377237533259755a19b75c313bd99.tar.gz
freeipa-eca7cdc94a8377237533259755a19b75c313bd99.tar.xz
freeipa-eca7cdc94a8377237533259755a19b75c313bd99.zip
Raise more specific error when an Objectclass Violation occurs Fix the virtual plugin to work with the new backend
-rw-r--r--ipalib/errors.py15
-rw-r--r--ipalib/plugins/virtual.py6
-rw-r--r--ipaserver/plugins/ldap2.py2
3 files changed, 20 insertions, 3 deletions
diff --git a/ipalib/errors.py b/ipalib/errors.py
index ad5f584f..cec80fb4 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -1119,6 +1119,21 @@ class LimitsExceeded(ExecutionError):
errno = 4204
format = _('limits exceeded for this query')
+class ObjectclassViolation(ExecutionError):
+ """
+ **4205** Raised when an entry is missing a required attribute or objectclass
+
+ For example:
+
+ >>> raise ObjectclassViolation(info='attribute "krbPrincipalName" not allowed')
+ Traceback (most recent call last):
+ ...
+ ObjectclassViolation: attribute "krbPrincipalName" not allowed
+ """
+
+ errno = 4205
+ format = _('%(info)s')
+
##############################################################################
# 5000 - 5999: Generic errors
diff --git a/ipalib/plugins/virtual.py b/ipalib/plugins/virtual.py
index a1dfbdf6..d21a58f1 100644
--- a/ipalib/plugins/virtual.py
+++ b/ipalib/plugins/virtual.py
@@ -49,7 +49,7 @@ class VirtualCommand(Command):
if self.operation is None:
raise errors.ACIError(info='operation not defined')
- ldap = self.api.Backend.ldap
+ ldap = self.api.Backend.ldap2
self.log.info("IPA: virtual verify %s" % self.operation)
operationdn = "cn=%s,%s,%s" % (self.operation, self.api.env.container_virtual, self.api.env.basedn)
@@ -65,9 +65,9 @@ class VirtualCommand(Command):
except errors.ACIError, e:
self.log.debug("%s" % str(e))
raise errors.ACIError(info='not allowed to perform this command')
- except errors.DatabaseError:
+ except errors.ObjectclassViolation:
return
except Exception, e:
# Something unexpected happened. Log it and deny access to be safe.
- self.log.info("Virtual verify failed: %s" % str(e))
+ self.log.info("Virtual verify failed: %s %s" % (type(e), str(e)))
raise errors.ACIError(info='not allowed to perform this command')
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 639552b2..c854dac2 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -99,6 +99,8 @@ def _handle_errors(e, **kw):
# it indicates the previous attribute was removed by another
# update, making the oldentry stale.
raise errors.MidairCollision()
+ except _ldap.OBJECT_CLASS_VIOLATION:
+ raise errors.ObjectclassViolation(info=info)
except _ldap.ADMINLIMIT_EXCEEDED, e:
raise errors.LimitsExceeded()
except _ldap.SIZELIMIT_EXCEEDED, e: