idviews: Catch errors on unsuccessful AD object lookup when resolving object name to anchor

When resolving non-existent objects, domain validator will raise ValidationError. We need
to anticipate and properly handle this case.

Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

1 files changed, 13 insertions, 8 deletions

diff --git a/ipalib/plugins/idviews.py b/ipalib/plugins/idviews.py
index ad1193f69..0a387b142 100644
--- a/ipalib/plugins/idviews.py
+++ b/ipalib/plugins/idviews.py
@@ -416,14 +416,19 @@ def resolve_object_to_anchor(ldap, obj_type, obj):
         pass
 
     # If not successfull, try looking up the object in the trusted domain
-    if _dcerpc_bindings_installed:
-        domain_validator = ipaserver.dcerpc.DomainValidator(api)
-        if domain_validator.is_configured():
-            sid = domain_validator.get_trusted_domain_object_sid(obj)
-
-            # There is no domain prefix since SID contains information
-            # about the domain
-            return SID_ANCHOR_PREFIX + sid
+    try:
+        if _dcerpc_bindings_installed:
+            domain_validator = ipaserver.dcerpc.DomainValidator(api)
+            if domain_validator.is_configured():
+                sid = domain_validator.get_trusted_domain_object_sid(obj)
+
+                # There is no domain prefix since SID contains information
+                # about the domain
+                return SID_ANCHOR_PREFIX + sid
+    except errors.ValidationError:
+        # Domain validator raises Validation Error if object name does not
+        # contain domain part (either NETBIOS\ prefix or @domain.name suffix)
+        pass
 
     # No acceptable object was found
     api.Object[obj_type].handle_not_found(obj)