diff options
author | Rob Crittenden <rcritten@redhat.com> | 2009-09-10 16:10:30 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2009-09-14 09:46:39 -0400 |
commit | eca7cdc94a8377237533259755a19b75c313bd99 (patch) | |
tree | e055c6ac84f3ada3254837e084a0c77d73e06a6f | |
parent | 2c3bca7e7435cf8c24f8af12cd4572830084004c (diff) | |
download | freeipa-eca7cdc94a8377237533259755a19b75c313bd99.tar.gz freeipa-eca7cdc94a8377237533259755a19b75c313bd99.tar.xz freeipa-eca7cdc94a8377237533259755a19b75c313bd99.zip |
Raise more specific error when an Objectclass Violation occurs Fix the virtual plugin to work with the new backend
-rw-r--r-- | ipalib/errors.py | 15 | ||||
-rw-r--r-- | ipalib/plugins/virtual.py | 6 | ||||
-rw-r--r-- | ipaserver/plugins/ldap2.py | 2 |
3 files changed, 20 insertions, 3 deletions
diff --git a/ipalib/errors.py b/ipalib/errors.py index ad5f584f..cec80fb4 100644 --- a/ipalib/errors.py +++ b/ipalib/errors.py @@ -1119,6 +1119,21 @@ class LimitsExceeded(ExecutionError): errno = 4204 format = _('limits exceeded for this query') +class ObjectclassViolation(ExecutionError): + """ + **4205** Raised when an entry is missing a required attribute or objectclass + + For example: + + >>> raise ObjectclassViolation(info='attribute "krbPrincipalName" not allowed') + Traceback (most recent call last): + ... + ObjectclassViolation: attribute "krbPrincipalName" not allowed + """ + + errno = 4205 + format = _('%(info)s') + ############################################################################## # 5000 - 5999: Generic errors diff --git a/ipalib/plugins/virtual.py b/ipalib/plugins/virtual.py index a1dfbdf6..d21a58f1 100644 --- a/ipalib/plugins/virtual.py +++ b/ipalib/plugins/virtual.py @@ -49,7 +49,7 @@ class VirtualCommand(Command): if self.operation is None: raise errors.ACIError(info='operation not defined') - ldap = self.api.Backend.ldap + ldap = self.api.Backend.ldap2 self.log.info("IPA: virtual verify %s" % self.operation) operationdn = "cn=%s,%s,%s" % (self.operation, self.api.env.container_virtual, self.api.env.basedn) @@ -65,9 +65,9 @@ class VirtualCommand(Command): except errors.ACIError, e: self.log.debug("%s" % str(e)) raise errors.ACIError(info='not allowed to perform this command') - except errors.DatabaseError: + except errors.ObjectclassViolation: return except Exception, e: # Something unexpected happened. Log it and deny access to be safe. - self.log.info("Virtual verify failed: %s" % str(e)) + self.log.info("Virtual verify failed: %s %s" % (type(e), str(e))) raise errors.ACIError(info='not allowed to perform this command') diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index 639552b2..c854dac2 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -99,6 +99,8 @@ def _handle_errors(e, **kw): # it indicates the previous attribute was removed by another # update, making the oldentry stale. raise errors.MidairCollision() + except _ldap.OBJECT_CLASS_VIOLATION: + raise errors.ObjectclassViolation(info=info) except _ldap.ADMINLIMIT_EXCEEDED, e: raise errors.LimitsExceeded() except _ldap.SIZELIMIT_EXCEEDED, e: |