author Martin Basti <mbasti@redhat.com> 2016-08-18 10:11:25 +0200
committer Martin Basti <mbasti@redhat.com> 2016-08-18 13:02:38 +0200
commit 6b7d6417d403c983691c790c1e60cfe32bf1c420
tree 924d8a60f75e6e2c6087821af1643ccdf9d24c57 /ipaserver/plugins
parent b6d5ed139b261b5db078ab652d22ea1d3b8092d3
Fix: container owner should be able to add vault
With recent change in DS (CVE fix), DS is not returning DuplicatedEntry error in case that user is not permitted by ACI to write, but ACIError instead. It is safe to ignore ACI error in container, because it will be raised again later if user has no access to container.

https://fedorahosted.org/freeipa/ticket/6159

Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'ipaserver/plugins')
-rw-r--r-- ipaserver/plugins/vault.py 2
1 files changed, 1 insertions, 1 deletions
diff --git a/ipaserver/plugins/vault.py b/ipaserver/plugins/vault.py
index c9b7cb942..5c4c09685 100644
--- a/ipaserver/plugins/vault.py
+++ b/ipaserver/plugins/vault.py
@@ -783,7 +783,7 @@ class vault_add_internal(LDAPCreate):
try:
self.obj.create_container(parent_dn, owner_dn)
- except errors.DuplicateEntry as e:
+ except (errors.DuplicateEntry, errors.ACIError):
pass
# vault should be owned by the creator
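Review bot: the `except (errors.DuplicateEntry, errors.ACIError):` clause followed by a bare `pass` has no comment saying why an ACIError from `create_container` is safe to swallow. The reasoning (DS now answers with ACIError where it used to answer with DuplicateEntry, and the denial is raised again later if the user really has no access) exists only in the commit message, so please put a short comment above the handler stating it. ACIError is now ignored whether or not the container already exists, so the handler is only correct as long as the later operation fails for a user without access; a test covering a user with no rights on the container would pin that assumption down.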