Description of problem:

ipa delegation-mod works if --membergroup entry does not exist.   It should
fail in this scenario like it does when --group entry does not exist.


# ipa group-find dnegroup
----------------
0 groups matched
----------------
----------------------------
Number of entries returned 0
----------------------------

# ipa delegation-mod testdelegation --membergroup=dnegroup
------------------------------------
Modified delegation "testdelegation"
------------------------------------
  Delegation name: testdelegation
  Permissions: write
  Attributes: mobile
  Member user group: dnegroup
  User group: ipausers


Version-Release number of selected component (if applicable):

ipa-server-2.2.0-101.20120118T0229zgitbb854ce.el6.x86_64
ipa-admintools-2.2.0-101.20120118T0229zgitbb854ce.el6.x86_64
389-ds-base-libs-1.2.9.14-1.el6.x86_64
389-ds-base-1.2.9.14-1.el6.x86_64

How reproducible:

always

Steps to Reproduce:
1.  <setup ipa server>
2.  kinit admin
3.  ipa delegation-add testdelegation --membergroup=admins --group=ipausers
--attrs=mobile
4.  ipa delegation-mod testdelegation --membergroup=dnegroup

Actual results:

Modifies entry with invalid membergroup.

Expected results:

returns an error similar to --group when it is passed an invalid group name.

Additional info:

/var/log/httpd/error_log message:

[Fri Jan 20 14:28:34 2012] [error] ipa: INFO: admin@TESTRELM:
delegation_mod(u'testdelegation', memberof=u'dnegroup', all=False, raw=False,
version=u'2.21'): SUCCESS