From 0edeb9b01d7fe11c8a00ab1a986ec7429b8aadbb Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Tue, 25 Sep 2012 06:20:49 -0400 Subject: Improve user addition to default group in user-add On adding new user, user-add tries to make it a member of default user group. This, however, can raise AlreadyGroupMember when the user is already member of this group due to automember rule or default group configured. This patch makes sure AlreadyGroupMember exception is caught in such cases. https://fedorahosted.org/freeipa/ticket/3097 --- ipalib/plugins/user.py | 10 +++++- tests/test_xmlrpc/test_user_plugin.py | 65 +++++++++++++++++++++++++++++++++++ 2 files changed, 74 insertions(+), 1 deletion(-) diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index e6eb0d9c..5d667dc9 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -538,7 +538,15 @@ class user_add(LDAPCreate): # add the user we just created into the default primary group def_primary_group = config.get('ipadefaultprimarygroup') group_dn = self.api.Object['group'].get_dn(def_primary_group) - ldap.add_entry_to_group(dn, group_dn) + + # if the user is already a member of default primary group, + # do not raise error + # this can happen if automember rule or default group is set + try: + ldap.add_entry_to_group(dn, group_dn) + except errors.AlreadyGroupMember: + pass + if self.api.env.wait_for_attr: newentry = wait_for_value(ldap, dn, 'memberOf', def_primary_group) entry_from_entry(entry_attrs, newentry) diff --git a/tests/test_xmlrpc/test_user_plugin.py b/tests/test_xmlrpc/test_user_plugin.py index 63a24cd6..50630a0f 100644 --- a/tests/test_xmlrpc/test_user_plugin.py +++ b/tests/test_xmlrpc/test_user_plugin.py @@ -66,6 +66,7 @@ class test_user(Declarative): cleanup_commands = [ ('user_del', [user1, user2, renameduser1, admin2], {'continue': True}), ('group_del', [group1], {}), + ('automember_default_group_remove', [], {'type': u'group'}), ] tests = [ @@ -1682,4 +1683,68 @@ class test_user(Declarative): container=admins_group), ), + dict( + desc='Set default automember group for groups as ipausers', + command=( + 'automember_default_group_set', [], dict( + type=u'group', + automemberdefaultgroup=u'ipausers' + ) + ), + expected=dict( + result=dict( + cn=[u'Group'], + automemberdefaultgroup=[DN(('cn', 'ipausers'), ('cn', 'groups'), ('cn', 'accounts'), api.env.basedn)], + ), + value=u'group', + summary=u'Set default (fallback) group for automember "group"', + ), + ), + + dict( + desc='Delete "%s"' % user2, + command=('user_del', [user2], {}), + expected=dict( + result=dict(failed=u''), + summary=u'Deleted user "%s"' % user2, + value=user2, + ), + ), + + dict( + desc='Create %r' % user2, + command=( + 'user_add', [user2], dict(givenname=u'Test', sn=u'User2') + ), + expected=dict( + value=user2, + summary=u'Added user "tuser2"', + result=dict( + gecos=[u'Test User2'], + givenname=[u'Test'], + homedirectory=[u'/home/tuser2'], + krbprincipalname=[u'tuser2@' + api.env.realm], + has_keytab=False, + has_password=False, + loginshell=[u'/bin/sh'], + objectclass=objectclasses.user, + sn=[u'User2'], + uid=[user2], + uidnumber=[fuzzy_digits], + gidnumber=[fuzzy_digits], + mail=[u'%s@%s' % (user2, api.env.domain)], + displayname=[u'Test User2'], + cn=[u'Test User2'], + initials=[u'TU'], + ipauniqueid=[fuzzy_uuid], + krbpwdpolicyreference=[DN(('cn', 'global_policy'), ('cn', api.env.realm), ('cn', 'kerberos'), + api.env.basedn)], + mepmanagedentry=[DN(('cn', user2), ('cn', 'groups'), ('cn', 'accounts'), + api.env.basedn)], + memberof_group=[u'ipausers'], + dn=DN(('uid', 'tuser2'), ('cn', 'users'), ('cn', 'accounts'), + api.env.basedn), + ), + ), + ), ] -- cgit