From ba8d21f5ae3d4133032c635dad77127cb72ab1bf Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 13 Dec 2010 09:53:29 -0500
Subject: Check for existence of the group when adding a user.

The Managed Entries plugin will allow a user to be added even if a group
of the same name exists. This would leave the user without a private
group.

We need to check for both the user and the group so we can do 1 of 3 things:
- throw an error that the group exists (but not the user)
- throw an error that the user exists (and the group)
- allow the uesr to be added

ticket 567
---
 ipalib/plugins/user.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'ipalib/plugins')

diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index c3246f5c..283c0c41 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -211,6 +211,18 @@ class user_add(LDAPCreate):
     msg_summary = _('Added user "%(value)s"')
 
     def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
+        try:
+            # The Managed Entries plugin will allow a user to be created
+            # even if a group has a duplicate name. This would leave a user
+            # without a private group. Check for both the group and the user.
+            self.api.Command['group_show'](keys[-1])
+            try:
+                self.api.Command['user_show'](keys[-1])
+                raise errors.DuplicateEntry()
+            except errors.NotFound:
+                raise errors.ManagedGroupExistsError(group=keys[-1])
+        except errors.NotFound:
+            pass
         config = ldap.get_ipa_config()[1]
         if 'ipamaxusernamelength' in config:
             if len(keys[-1]) > int(config.get('ipamaxusernamelength')[0]):
-- 
cgit