Remove ipa-server-install LDAP update errors

python-ldap add_s method raises a NO_SUCH_OBJECT exception when
a parent entry of the entry being added does not exist. This may
not be an error, for example NIS entries are only added when NIS
is enabled and thus the NIS entry container exists.

The exception raised by python-ldap is also incorrectly processed
in ipaldap's addEntry function and an irrelevant exception is
re-raised instead.

Fix LDAP updater to just log an information when an object cannot
be added due to missing parent object. Also make sure that the
addEntry function exception processing provides the right exception
with a useful description.

https://fedorahosted.org/freeipa/ticket/2520
https://fedorahosted.org/freeipa/ticket/2743

1 files changed, 8 insertions, 1 deletions

diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index e803df8a2..61a2ae19f 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -649,7 +649,14 @@ class LDAPUpdate:
                         # addifexist may result in an entry with only a
                         # dn defined. In that case there is nothing to do.
                         # It means the entry doesn't exist, so skip it.
-                        self.conn.addEntry(entry)
+                        try:
+                            self.conn.addEntry(entry)
+                        except errors.NotFound:
+                            # parent entry of the added entry does not exist
+                            # this may not be an error (e.g. entries in NIS container)
+                            root_logger.info("Parent DN of %s may not exist, cannot create the entry",
+                                    entry.dn)
+                            return
                 self.modified = True
             except Exception, e:
                 root_logger.error("Add failure %s", e)