07975b5 trust-add: handle missing msSFU30MaxGidNumber

Authored and Committed by frenaud 2 years ago
    trust-add: handle missing msSFU30MaxGidNumber
    
    When ipa trust-add is executed with --range-type ad-trust-posix,
    the server tries to find the max uidnumber and max gidnumber
    from AD domain controller.
    The values are extracted from the entry
    CN=<domain>,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,<AD suffix>
    in the msSFU30MaxUidNumber and msSFU30MaxGidNumber attributes.
    
    msSFU30MaxUidNumber is required but not msSFU30MaxGidNumber.
    In case msSFU30MaxGidNumber is missing, the code is currently assigning
    a "None" value and later on evaluates the max between this value and
    msSFU30MaxUidNumber. The max function cannot compare None and a list
    of string and triggers an exception.
    
    To avoid the exception, assign [b'0'] to max gid if msSFU30MaxGidNumber
    is missing. This way, the comparison succeeds and max returns the
    value from msSFU30MaxUidNumber.
    
    Fixes: https://pagure.io/freeipa/issue/9310
    Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    
        
file modified
+4 -1