On 09/26/2012 04:12 PM, Martin Kosek wrote:
On 09/26/2012 03:23 PM, Tomas Babej wrote:
On 09/25/2012 12:37 PM, Tomas Babej wrote:
Hi,
On adding new user, host-add tries to make it a member of default
user group. This, however, can raise AlreadyGroupMember when the
user is already member of this group due to automember rule or
default group configured. This patch makes sure AlreadyGroupMember
exception is caught in such cases.
https://fedorahosted.org/freeipa/ticket/3097
Tomas
I fixed the typo in the commit message. It refers to the proper command now.
Tomas
I would also like to see the tests that Petr Viktorin already asked for.
Setting an automember default group to ipausers, adding a user and checking the
result should be enough.
Martin
I added a relevant test to the test_host_plugin.py file.
Tomas
>From 1fde7997741ed113cebcc1122f6d8b49c2aac959 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Tue, 25 Sep 2012 06:20:49 -0400
Subject: [PATCH] Improve user addition to default group in user-add
On adding new user, user-add tries to make it a member of default
user group. This, however, can raise AlreadyGroupMember when the
user is already member of this group due to automember rule or
default group configured. This patch makes sure AlreadyGroupMember
exception is caught in such cases.
https://fedorahosted.org/freeipa/ticket/3097
---
ipalib/plugins/user.py | 10 +++++-
tests/test_xmlrpc/test_user_plugin.py | 65 +++++++++++++++++++++++++++++++++++
2 files changed, 74 insertions(+), 1 deletion(-)
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index e6eb0d9cb3f483ab7c92a8ccc78be3c867360d28..5d667dc94d483c2775d4a1d793624fc081615047 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -538,7 +538,15 @@ class user_add(LDAPCreate):
# add the user we just created into the default primary group
def_primary_group = config.get('ipadefaultprimarygroup')
group_dn = self.api.Object['group'].get_dn(def_primary_group)
- ldap.add_entry_to_group(dn, group_dn)
+
+ # if the user is already a member of default primary group,
+ # do not raise error
+ # this can happen if automember rule or default group is set
+ try:
+ ldap.add_entry_to_group(dn, group_dn)
+ except errors.AlreadyGroupMember:
+ pass
+
if self.api.env.wait_for_attr:
newentry = wait_for_value(ldap, dn, 'memberOf', def_primary_group)
entry_from_entry(entry_attrs, newentry)
diff --git a/tests/test_xmlrpc/test_user_plugin.py b/tests/test_xmlrpc/test_user_plugin.py
index 63a24cd64105bdf510ff930c0adc7b9c7aa511cb..50630a0f9f8073e9130aa027c32323558b248bf8 100644
--- a/tests/test_xmlrpc/test_user_plugin.py
+++ b/tests/test_xmlrpc/test_user_plugin.py
@@ -66,6 +66,7 @@ class test_user(Declarative):
cleanup_commands = [
('user_del', [user1, user2, renameduser1, admin2], {'continue': True}),
('group_del', [group1], {}),
+ ('automember_default_group_remove', [], {'type': u'group'}),
]
tests = [
@@ -1682,4 +1683,68 @@ class test_user(Declarative):
container=admins_group),
),
+ dict(
+ desc='Set default automember group for groups as ipausers',
+ command=(
+ 'automember_default_group_set', [], dict(
+ type=u'group',
+ automemberdefaultgroup=u'ipausers'
+ )
+ ),
+ expected=dict(
+ result=dict(
+ cn=[u'Group'],
+ automemberdefaultgroup=[DN(('cn', 'ipausers'), ('cn', 'groups'), ('cn', 'accounts'), api.env.basedn)],
+ ),
+ value=u'group',
+ summary=u'Set default (fallback) group for automember "group"',
+ ),
+ ),
+
+ dict(
+ desc='Delete "%s"' % user2,
+ command=('user_del', [user2], {}),
+ expected=dict(
+ result=dict(failed=u''),
+ summary=u'Deleted user "%s"' % user2,
+ value=user2,
+ ),
+ ),
+
+ dict(
+ desc='Create %r' % user2,
+ command=(
+ 'user_add', [user2], dict(givenname=u'Test', sn=u'User2')
+ ),
+ expected=dict(
+ value=user2,
+ summary=u'Added user "tuser2"',
+ result=dict(
+ gecos=[u'Test User2'],
+ givenname=[u'Test'],
+ homedirectory=[u'/home/tuser2'],
+ krbprincipalname=[u'tuser2@' + api.env.realm],
+ has_keytab=False,
+ has_password=False,
+ loginshell=[u'/bin/sh'],
+ objectclass=objectclasses.user,
+ sn=[u'User2'],
+ uid=[user2],
+ uidnumber=[fuzzy_digits],
+ gidnumber=[fuzzy_digits],
+ mail=[u'%s@%s' % (user2, api.env.domain)],
+ displayname=[u'Test User2'],
+ cn=[u'Test User2'],
+ initials=[u'TU'],
+ ipauniqueid=[fuzzy_uuid],
+ krbpwdpolicyreference=[DN(('cn', 'global_policy'), ('cn', api.env.realm), ('cn', 'kerberos'),
+ api.env.basedn)],
+ mepmanagedentry=[DN(('cn', user2), ('cn', 'groups'), ('cn', 'accounts'),
+ api.env.basedn)],
+ memberof_group=[u'ipausers'],
+ dn=DN(('uid', 'tuser2'), ('cn', 'users'), ('cn', 'accounts'),
+ api.env.basedn),
+ ),
+ ),
+ ),
]
--
1.7.11.4
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
