2 files changed, 22 insertions, 1 deletions

diff --git a/ipa-admintools/ipa-adddelegation b/ipa-admintools/ipa-adddelegation
index 8dde908f..3ac053e5 100644
--- a/ipa-admintools/ipa-adddelegation
+++ b/ipa-admintools/ipa-adddelegation
@@ -90,6 +90,25 @@ def main():
         new_aci.dest_group = target_grp[1].dn
         new_aci.attrs = attr_list
 
+        aci_entry = client.get_aci_entry(['*', 'aci'])
+
+        # Look for an existing ACI of the same name
+        aci_str_list = aci_entry.getValues('aci')
+        if aci_str_list is None:
+            aci_str_list = []
+        if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)):
+            aci_str_list = [aci_str_list]
+
+        for aci_str in aci_str_list:
+            try:
+                old_aci = ipa.aci.ACI(aci_str)
+                if old_aci.name == new_aci.name:
+                    print "A delegation of that name already exists"
+                    return 2
+            except SyntaxError:
+                # ignore aci_str's that ACI can't parse
+                pass
+
         aci_entry = client.get_aci_entry(['dn'])
         aci_entry.setValue('aci', new_aci.export_to_string())
 
diff --git a/ipa-admintools/ipa-listdelegation b/ipa-admintools/ipa-listdelegation
index 54ab346b..4c059c4a 100644
--- a/ipa-admintools/ipa-listdelegation
+++ b/ipa-admintools/ipa-listdelegation
@@ -23,6 +23,7 @@ from optparse import OptionParser
 import ipa.ipaclient as ipaclient
 import ipa.config
 
+import operator
 import xmlrpclib
 import kerberos
 
@@ -75,7 +76,8 @@ def main():
 
     group_dn_to_cn = ipa.aci.extract_group_cns(aci_list, client)
 
-    for a in aci_list:
+    # the operator.itemgetter(0) lets us sort by the name field
+    for a in sorted(aci_list, key=operator.itemgetter(0)):
         labels = client.attrs_to_labels(a.attrs)
         print "Delegation Name: " + a.name
         print "Group " + group_dn_to_cn[a.source_group]