diff options
author | Tomas Babej <tbabej@redhat.com> | 2012-11-15 05:21:16 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-12-06 10:34:23 -0500 |
commit | 0292ebd1e5603a5daabf274b40fb4e10f096ea1c (patch) | |
tree | 6df467255c7ea0aac56689df4aabe3f8238077a3 /ipaserver/plugins | |
parent | 152585e73141ae5485e677f36f7f47551b438bbb (diff) | |
download | freeipa-0292ebd1e5603a5daabf274b40fb4e10f096ea1c.tar.gz freeipa-0292ebd1e5603a5daabf274b40fb4e10f096ea1c.tar.xz freeipa-0292ebd1e5603a5daabf274b40fb4e10f096ea1c.zip |
Add detection for users from trusted/invalid realms
When user from other realm than FreeIPA's tries to use Web UI
(login via forms-based auth or with valid trusted realm ticket),
the 401 Unauthorized error with X-Ipa-Rejection-Reason=denied
is returned.
Also, the support for usernames of the form user@SERVER.REALM
or user@server.realm was added.
https://fedorahosted.org/freeipa/ticket/3252
Diffstat (limited to 'ipaserver/plugins')
-rw-r--r-- | ipaserver/plugins/ldap2.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index bf1a0d376..8e8e1604f 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -727,6 +727,8 @@ class ldap2(CrudBackend): except _ldap.SERVER_DOWN: raise NetworkError(uri=self.ldap_uri, error=u'LDAP Server Down') + except _ldap.LOCAL_ERROR: + raise errors.ACIError(info=info) except _ldap.SUCCESS: pass except _ldap.LDAPError, e: |