diff options
author | Tomas Babej <tbabej@redhat.com> | 2014-09-29 15:29:33 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-09-30 10:42:06 +0200 |
commit | 47268575c931fd57298617fe979f25cb1a90d1bb (patch) | |
tree | 1cb6651adb627ef8ffc14cec9b79c4da752d16e1 /ipalib/plugins | |
parent | dbf8d97ecf5d82c1e0e1a11cdf64dd670309c2a5 (diff) | |
download | freeipa-47268575c931fd57298617fe979f25cb1a90d1bb.tar.gz freeipa-47268575c931fd57298617fe979f25cb1a90d1bb.tar.xz freeipa-47268575c931fd57298617fe979f25cb1a90d1bb.zip |
idviews: Catch errors on unsuccessful AD object lookup when resolving object name to anchor
When resolving non-existent objects, domain validator will raise ValidationError. We need
to anticipate and properly handle this case.
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'ipalib/plugins')
-rw-r--r-- | ipalib/plugins/idviews.py | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/ipalib/plugins/idviews.py b/ipalib/plugins/idviews.py index ad1193f69..0a387b142 100644 --- a/ipalib/plugins/idviews.py +++ b/ipalib/plugins/idviews.py @@ -416,14 +416,19 @@ def resolve_object_to_anchor(ldap, obj_type, obj): pass # If not successfull, try looking up the object in the trusted domain - if _dcerpc_bindings_installed: - domain_validator = ipaserver.dcerpc.DomainValidator(api) - if domain_validator.is_configured(): - sid = domain_validator.get_trusted_domain_object_sid(obj) - - # There is no domain prefix since SID contains information - # about the domain - return SID_ANCHOR_PREFIX + sid + try: + if _dcerpc_bindings_installed: + domain_validator = ipaserver.dcerpc.DomainValidator(api) + if domain_validator.is_configured(): + sid = domain_validator.get_trusted_domain_object_sid(obj) + + # There is no domain prefix since SID contains information + # about the domain + return SID_ANCHOR_PREFIX + sid + except errors.ValidationError: + # Domain validator raises Validation Error if object name does not + # contain domain part (either NETBIOS\ prefix or @domain.name suffix) + pass # No acceptable object was found api.Object[obj_type].handle_not_found(obj) |