1 files changed, 12 insertions, 3 deletions

diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 26b43b90d..ad1b8b0fb 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -24,6 +24,8 @@ import re
 import time
 from copy import deepcopy
 import base64
+import pprint
+import traceback
 
 from ipalib import api, crud, errors
 from ipalib import Method, Object, Command
@@ -738,12 +740,14 @@ def _check_limit_object_class(attributes, attrs, allow_only):
     if len(attributes[0]) == 0 and len(attributes[1]) == 0:
         return
     limitattrs = deepcopy(attrs)
+    pp = pprint.PrettyPrinter(indent=4)
+    pp.pprint(attributes)
     # Go through the MUST first
     for (oid, attr) in attributes[0].iteritems():
         if attr.names[0].lower() in limitattrs:
             if not allow_only:
                 raise errors.ObjectclassViolation(
-                    info=_('attribute "%(attribute)s" not allowed') % dict(
+                    info=_('attribute a "%(attribute)s" not allowed') % dict(
                         attribute=attr.names[0].lower()))
             limitattrs.remove(attr.names[0].lower())
     # And now the MAY
@@ -751,12 +755,12 @@ def _check_limit_object_class(attributes, attrs, allow_only):
         if attr.names[0].lower() in limitattrs:
             if not allow_only:
                 raise errors.ObjectclassViolation(
-                    info=_('attribute "%(attribute)s" not allowed') % dict(
+                    info=_('attribute b "%(attribute)s" not allowed') % dict(
                         attribute=attr.names[0].lower()))
             limitattrs.remove(attr.names[0].lower())
     if len(limitattrs) > 0 and allow_only:
         raise errors.ObjectclassViolation(
-            info=_('attribute "%(attribute)s" not allowed') % dict(
+            info=_('attribute c "%(attribute)s" not allowed') % dict(
                 attribute=limitattrs[0]))
 
 
@@ -1642,6 +1646,11 @@ class LDAPAddMember(LDAPModMember):
                     try:
                         ldap.add_entry_to_group(m_dn, dn, attr, allow_same=self.allow_same)
                     except errors.PublicError, e:
+                        print e
+                        traceback.print_exc()
+                        print ldap_obj_name
+                        print attr
+                        print m_dn
                         ldap_obj = self.api.Object[ldap_obj_name]
                         failed[attr][ldap_obj_name].append((
                             ldap_obj.get_primary_key_from_dn(m_dn),