From 53e872fb72098a8c504613c0946cecfe31d5fab7 Mon Sep 17 00:00:00 2001
From: "rcritten@redhat.com" <rcritten@redhat.com>
Date: Wed, 3 Oct 2007 17:37:13 -0400
Subject: Try to catch more error conditions during installation Modify the way
 we detect SELinux to use selinuxenabled instead of using   a try/except.
 Handle SASL/GSSAPI authentication failures when getting a connection

---
 ipa-server/xmlrpc-server/funcs.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'ipa-server/xmlrpc-server/funcs.py')

diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index 0f4850e9..bf2cde4f 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -69,7 +69,7 @@ class IPAConnPool:
         if conn is None:
             return
         # We can't re-use SASL connections. If proxydn is None it means
-        # we have a Kerberos credentails cache set. See ipaldap.set_krbccache
+        # we have a Kerberos credentials cache set. See ipaldap.set_krbccache
         if conn.proxydn is None:
             conn.unbind_s()
         else:
@@ -168,7 +168,10 @@ class IPAServer:
         else:
             raise ipaerror.gen_exception(ipaerror.CONNECTION_NO_CCACHE)
 
-        conn = _LDAPPool.getConn(self.host,port,bindca,bindcert,bindkey,proxy_dn,krbccache,debug)
+        try:
+            conn = _LDAPPool.getConn(self.host,port,bindca,bindcert,bindkey,proxy_dn,krbccache,debug)
+        except ldap.INVALID_CREDENTIALS, e:
+            raise ipaerror.gen_exception(ipaerror.CONNECTION_GSSAPI_CREDENTIALS, nested_exception=e)
 
         if conn is None:
             raise ipaerror.gen_exception(ipaerror.CONNECTION_NO_CONN)
-- 
cgit