From 4d0d5913dd2e86dabbe9592522298c42af648284 Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Oct 26 2015 13:10:53 +0000 Subject: trusts: Make trust_show.get_dn raise properly formatted NotFound The trust_show command does not raise a properly formatted NotFound error if the trust is not found, only a generic EmptyResult error is raised. This patch makes the trust_show tell us what actually could not be found. https://fedorahosted.org/freeipa/ticket/5389 Reviewed-By: Martin Babinsky --- diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py index 472f353..0715713 100644 --- a/ipalib/plugins/trust.py +++ b/ipalib/plugins/trust.py @@ -539,22 +539,38 @@ class trust(LDAPObject): error=_("invalid SID: %(value)s") % dict(value=value)) def get_dn(self, *keys, **kwargs): + trust_type = kwargs.get('trust_type') + sdn = [('cn', x) for x in keys] sdn.reverse() - trust_type = kwargs.get('trust_type') + if trust_type is None: ldap = self.backend - filter = ldap.make_filter({'objectclass': ['ipaNTTrustedDomain'], 'cn': [keys[-1]] }, - rules=ldap.MATCH_ALL) - filter = ldap.combine_filters((filter, "ipaNTSecurityIdentifier=*"), rules=ldap.MATCH_ALL) - result = ldap.get_entries(DN(self.container_dn, self.env.basedn), - ldap.SCOPE_SUBTREE, filter, ['']) + trustfilter = ldap.make_filter({ + 'objectclass': ['ipaNTTrustedDomain'], + 'cn': [keys[-1]]}, + rules=ldap.MATCH_ALL + ) + + trustfilter = ldap.combine_filters( + (trustfilter, "ipaNTSecurityIdentifier=*"), + rules=ldap.MATCH_ALL + ) + + try: + result = ldap.get_entries( + DN(self.container_dn, self.env.basedn), + ldap.SCOPE_SUBTREE, trustfilter, [''] + ) + except errors.NotFound: + self.handle_not_found(keys[-1]) + if len(result) > 1: raise errors.OnlyOneValueAllowed(attr='trust domain') + return result[0].dn - dn=make_trust_dn(self.env, trust_type, DN(*sdn)) - return dn + return make_trust_dn(self.env, trust_type, DN(*sdn)) @register() class trust_add(LDAPCreate):