LDAP addEntry method raises an exception when a parent entry of
the entry being added does not exist. This may not be an error,
for example NIS entries are only added when NIS is enabled and
thus the NIS entry container exists.

This patch adds an appropriate check so that we rather add
a debug message to ipaupgrade.log instead of raising a user
visible error.

https://fedorahosted.org/freeipa/ticket/2743

>From f068f015561fc007049ed58eb90bd94de09eefd3 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Thu, 10 May 2012 10:48:09 +0200
Subject: [PATCH] Remove ipa-server-install LDAP update errors

LDAP addEntry method raises an exception when a parent entry of
the entry being added does not exist. This may not be an error,
for example NIS entries are only added when NIS is enabled and
thus the NIS entry container exists.

This patch adds an appropriate check so that we rather add
a debug message to ipaupgrade.log instead of raising a user
visible error.

https://fedorahosted.org/freeipa/ticket/2743
---
 ipaserver/install/ldapupdate.py |   16 ++++++++++++++++
 1 files changed, 16 insertions(+), 0 deletions(-)

diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index e803df8a23caac59d5baf55cf5324cd9d0b262e0..779134ca90479465cc7df613bd88565a96130d4b 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -32,6 +32,7 @@ from ipapython import entity, ipautil
 from ipalib import util
 from ipalib import errors
 from ipalib import api
+from ipalib.dn import *
 import ldap
 from ldap.dn import escape_dn_chars
 from ipapython.ipa_log_manager import *
@@ -639,6 +640,21 @@ class LDAPUpdate:
         self.print_entity(entry, "Final value")
 
         if not found:
+            # check first that the parent entry exists
+            # addEntry function raise an exception otherwise
+            try:
+                parent_dn = ",".join(str(rdn) for rdn in DN(entry.dn)[1:])
+                if parent_dn:
+                    self.conn.getList(parent_dn, ldap.SCOPE_BASE, "objectclass=*", [])
+            except errors.NotFound:
+                # parent does not exist
+                root_logger.info("Parent DN %s does not exist, cannot create the entry",
+                        parent_dn)
+                return
+            except Exception, e:
+                root_logger.error("Parent check failure %s", e)
+                return
+
             # New entries get their orig_data set to the entry itself. We want to
             # empty that so that everything appears new when generating the
             # modlist
-- 
1.7.7.6

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to