We catched all errors that could be raised by idrange-add command and just raised an uncomprehensible ValidationError. This could hide a real underlying problem and make the debugging harder.
We should rather just let the command raise the real error (which will be already a PublicError). https://fedorahosted.org/freeipa/ticket/3288 --- NOTE: I discussed this issue with tsunamie (ticket logger). He hit this error in some early FreeIPA 3.0 release and he does not hit it any more. I also did not reproduce it with current master so I am just sending a patch to allow us/user to see the reason of the range error in case it occurs again. Martin
From a944a83193869412207ba688626ca2a991b47b91 Mon Sep 17 00:00:00 2001 From: Martin Kosek <mko...@redhat.com> Date: Thu, 7 Mar 2013 15:34:25 +0100 Subject: [PATCH] Do not hide idrange-add errors when adding trust We catched all errors that could be raised by idrange-add command and just raised an uncomprehensible ValidationError. This could hide a real underlying problem and make the debugging harder. We should rather just let the command raise the real error (which will be already a PublicError). https://fedorahosted.org/freeipa/ticket/3288 --- ipalib/plugins/trust.py | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py index 2d772130e3853475f133b38ea96ccd757c796a74..7733d9b15c15aff361c63e829f4d9bfa9af98676 100644 --- a/ipalib/plugins/trust.py +++ b/ipalib/plugins/trust.py @@ -346,15 +346,12 @@ sides. else: base_id = 200000 + (pysss_murmur.murmurhash3(dom_sid, len(dom_sid), 0xdeadbeef) % 10000) * 200000 - try: - new_range = api.Command['idrange_add'](range_name, - ipabaseid=base_id, - ipaidrangesize=options['range_size'], - ipabaserid=0, - ipanttrusteddomainsid=dom_sid) - except Exception, e: - raise errors.ValidationError(name=_('ID range exists'), - error = _('ID range already exists, must be added manually')) + # Add new ID range + api.Command['idrange_add'](range_name, + ipabaseid=base_id, + ipaidrangesize=options['range_size'], + ipabaserid=0, + ipanttrusteddomainsid=dom_sid) def execute_ad(self, *keys, **options): # Join domain using full credentials and with random trustdom -- 1.8.1.4
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel