164d907 group-del: add a warning to logs when password policy could not be removed

1 file Authored by abbra 5 years ago, Committed by cheimes 5 years ago,
    group-del: add a warning to logs when password policy could not be removed
    
    When a user with sufficient permissions creates a group using ipa
    group-add and then deletes it again with group-del ipa gives an
    Insufficient access error, but still deletes the group.
    
    This is due to a need to remove an associaed password policy for the
    group. However, a password policy might be inaccessible to the user
    (created by a more powerful admin) and there is no way to check that it
    exists with current privileges other than trying to remove it.
    
    Seeing a Python exceptions in the Apache log without explanation is
    confusing to many users, so add a warning message that explains what
    happens here.
    
    Fixes: https://pagure.io/freeipa/issue/6884
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
    
        
file modified
+13 -0