On Thu, 2012-05-10 at 11:02 +0200, Martin Kosek wrote:
> LDAP addEntry method raises an exception when a parent entry of
> the entry being added does not exist. This may not be an error,
> for example NIS entries are only added when NIS is enabled and
> thus the NIS entry container exists.
>
> This patch adds an appropriate check so that we rather add
> a debug message to ipaupgrade.log instead of raising a user
> visible error.
>
> https://fedorahosted.org/freeipa/ticket/2743
>
I got inspired by ticket #2520 and prepared a better solution which both fixes the incorrect exception processing in ipaldap and gracefully handles the missing parent entry situation without emitting an extra LDAP query. Patch is attached.

Martin
>From 860ea53a8764f782ac6690706beb6ea3d6e1afe1 Mon Sep 17 00:00:00 2001 From: Martin Kosek <mko...@redhat.com> Date: Fri, 11 May 2012 16:59:56 +0200 Subject: [PATCH] Remove ipa-server-install LDAP update errors python-ldap add_s method raises a NO_SUCH_OBJECT exception when a parent entry of the entry being added does not exist. This may not be an error, for example NIS entries are only added when NIS is enabled and thus the NIS entry container exists. The exception raised by python-ldap is also incorrectly processed in ipaldap's addEntry function and an irrelevant exception is re-raised instead. Fix LDAP updater to just log an information when an object cannot be added due to missing parent object. Also make sure that the addEntry function exception processing provides the right exception with a useful description. https://fedorahosted.org/freeipa/ticket/2520 https://fedorahosted.org/freeipa/ticket/2743 --- ipaserver/install/ldapupdate.py | 9 ++++++++- ipaserver/ipaldap.py | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py index e803df8a23caac59d5baf55cf5324cd9d0b262e0..61a2ae19ffad0abbe9222c68190dfcac9e472c57 100644 --- a/ipaserver/install/ldapupdate.py +++ b/ipaserver/install/ldapupdate.py @@ -649,7 +649,14 @@ class LDAPUpdate: # addifexist may result in an entry with only a # dn defined. In that case there is nothing to do. # It means the entry doesn't exist, so skip it. - self.conn.addEntry(entry) + try: + self.conn.addEntry(entry) + except errors.NotFound: + # parent entry of the added entry does not exist + # this may not be an error (e.g. entries in NIS container) + root_logger.info("Parent DN of %s may not exist, cannot create the entry", + entry.dn) + return self.modified = True except Exception, e: root_logger.error("Add failure %s", e) 
diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py index 23279aa0b3bd976d1314ce76f1ccd8ae3f5c2d63..8b5451c730f0a4cc72a597f934a940dc2b143a05 100644 --- a/ipaserver/ipaldap.py +++ b/ipaserver/ipaldap.py @@ -492,7 +492,7 @@ class IPAdmin(IPAEntryLDAPObject): self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl) self.add_s(entry.dn, entry.toTupleList()) except ldap.LDAPError, e: - arg_desc = 'entry=%s' % (entry) + arg_desc = 'entry=%s' % (entry.toTupleList()) self.__handle_errors(e, arg_desc=arg_desc) return True -- 1.7.7.6
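Review bot: the new `except errors.NotFound:` around `self.conn.addEntry(entry)` in ipaserver/install/ldapupdate.py treats every NotFound from an add as an optional missing parent, so an update entry whose parent is absent for any other reason (a mistyped DN in an update file, updates applied in the wrong order) is now skipped with only an info-level line, exactly like the NIS case. Consider limiting the tolerant path to containers that are known to be optional, or logging at a level that stays visible, so a required entry that was not created still surfaces. Two smaller things to confirm: the `return` leaves the whole method rather than only skipping `self.modified = True`, and the diff adds no import for `errors`, so it must already be imported in this module.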
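Review bot: in ipaserver/ipaldap.py the new `arg_desc` is built from `entry.toTupleList()`, which is the attribute list passed to `add_s` alongside `entry.dn`, so the error description now carries every attribute value of the entry but not its DN. For the missing-parent case this patch is about, the DN is the part a reader of the error needs, and if the entry holds sensitive attribute values they are copied into the exception text and whatever logs it. Suggest building the description from `entry.dn`, optionally with attribute names only.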
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel