From 99b84bfd01e0b3f4e9e69ea7c2912545bef0d71a Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 9 Nov 2007 16:34:52 -0500
Subject: Handle ldap.UNWILLING_TO_PERFORM more gracefully

---
 ipa-python/ipaerror.py            | 5 +++++
 ipa-server/xmlrpc-server/funcs.py | 5 ++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/ipa-python/ipaerror.py b/ipa-python/ipaerror.py
index b10a9a8f..f583322e 100644
--- a/ipa-python/ipaerror.py
+++ b/ipa-python/ipaerror.py
@@ -152,3 +152,8 @@ CONNECTION_GSSAPI_CREDENTIALS = gen_error_code(
         CONNECTION_CATEGORY,
         0x0003,
         "GSSAPI Authorization error")
+
+CONNECTION_UNWILLING = gen_error_code(
+        CONNECTION_CATEGORY,
+        0x0004,
+        "Account inactivated. Server is unwilling to perform.")
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index 6fdaaca5..a4512452 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -77,7 +77,10 @@ class IPAConnPool:
         conn = ipaserver.ipaldap.IPAdmin(host,port,None,None,None,debug)
 
         # This will bind the connection
-        conn.set_krbccache(krbccache, cprinc.name)
+        try:
+            conn.set_krbccache(krbccache, cprinc.name)
+        except ldap.UNWILLING_TO_PERFORM, e:
+            raise ipaerror.gen_exception(ipaerror.CONNECTION_UNWILLING)
 
         return conn
 
-- 
cgit