On 02/19/2013 10:19 PM, Rob Crittenden wrote:
> Martin Kosek wrote:
>> On 01/24/2013 12:01 PM, Martin Kosek wrote:
>>> When user tries to perform any action requiring communication with
>>> trusted domain, IPA server tries to retrieve a trust secret on his
>>> behalf to be able to establish the connection. This happens for
>>> example during group-add-member command when external user is
>>> being resolved in the AD.
>>>
>>> When user is not member of Trust admins group, the retrieval crashes
>>> and reports internal error. Catch this exception and rather report
>>> properly formatted ACIError.
>>>
>>> ----
>>>
>>> I hit this error after updating to the latest FreeIPA version with the AD 
>>> CVE
>>> fixed.
>>>
>>> Martin
>>>
>>
>> I filed a ticket to not loose this fix and patch. Attaching an updated patch
>> with ticket URL in description.
>>
>> Martin
>>
> 
> 
> The patch fixes the problem but the error is untranslated:
> 
>     member group: AD\Domain Admins: Insufficient access: 
> Gettext('communication
> with trusted domains is allowed for Trusts administrator group members only',
> domain='ipa', localedir=None)
> 
> rob

I think this is just because this string is not in our ipa.pot file yet (will
be when we do Transifex refresh").

Martin

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to