Hi, When constructing a parent DN in LDAPSearch, we should always check that the parent object exists (hence use get_dn_if_exists), rather than search on unexistant containers (which can happen with get_dn).
Replaces get_dn calls with get_dn_if_exists in *-find commands and makes sure proper error message is raised. https://fedorahosted.org/freeipa/ticket/4659 -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org
>From 7a279fc809f812a6c7a91ed4a54550ea6589f1d3 Mon Sep 17 00:00:00 2001 From: Tomas Babej <tba...@redhat.com> Date: Wed, 19 Nov 2014 12:00:07 +0100 Subject: [PATCH] baseldap: Handle missing parent objects properly in *-find commands When constructing a parent DN in LDAPSearch, we should always check that the parent object exists (hence use get_dn_if_exists), rather than search on unexistant containers (which can happen with get_dn). Replaces get_dn calls with get_dn_if_exists in *-find commands and makes sure proper error message is raised. https://fedorahosted.org/freeipa/ticket/4659 --- ipalib/plugins/baseldap.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 375441c0fd55efe70d5a6f5bed6700e618874082..e4cc699ee0be29c184e35b510c7a10c5ff3d5c07 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -1934,7 +1934,11 @@ class LDAPSearch(BaseLDAPCommand, crud.Search): term = args[-1] if self.obj.parent_object: - base_dn = self.api.Object[self.obj.parent_object].get_dn(*args[:-1]) + api_parent_obj = self.api.Object[self.obj.parent_object] + try: + base_dn = api_parent_obj.get_dn_if_exists(*args[:-1]) + except errors.NotFound: + api_parent_obj.handle_not_found(*args[:-1]) else: base_dn = DN(self.obj.container_dn, api.env.basedn) assert isinstance(base_dn, DN) -- 1.9.3
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
