ipa otptoken-sync: return error when sync fails
The command ipa otptoken-sync does not properly handle
errors happening during the synchronization step.
- Even if an error is detected (such as invalid password
provided), the command exits with return code = 0. An
error message is displayed but the exit code should be 1.
- When an invalid token is provided, the token is not
synchronized but the error is not reported back to the
ipa otptoken-sync command.
The first issue can be fixed by raising an exception when
the HTTP response contains an header with an error.
The second issue is fixed by returning LDAP_INVALID_CREDENTIALS
to ldap bind with the sync control if synchronization fails.
Fixes: https://pagure.io/freeipa/issue/9248
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>