https://fedorahosted.org/freeipa/ticket/2572

Honza

--
Jan Cholasta
>From 2fbfab66064d045c192d2cc8d747d30bca1ebdc6 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Thu, 29 Mar 2012 09:12:36 -0400
Subject: [PATCH] Check whether the default user group is POSIX when adding
 new user with --noprivate.

ticket 2572
---
 ipalib/plugins/user.py |   30 ++++++++++++++----------------
 1 files changed, 14 insertions(+), 16 deletions(-)

diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 64424e8..a552960 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -455,22 +455,20 @@ class user_add(LDAPCreate):
         entry_attrs.setdefault('krbpwdpolicyreference', 'cn=global_policy,cn=%s,cn=kerberos,%s' % (api.env.realm, api.env.basedn))
         entry_attrs.setdefault('krbprincipalname', '%s@%s' % (entry_attrs['uid'], api.env.realm))
 
-        if 'gidnumber' not in entry_attrs:
-            # gidNumber wasn't specified explicity, find out what it should be
-            if not options.get('noprivate', False) and ldap.has_upg():
-                # User Private Groups - uidNumber == gidNumber
-                entry_attrs['gidnumber'] = entry_attrs['uidnumber']
-            else:
-                # we're adding new users to a default group, get its gidNumber
-                # get default group name from config
-                def_primary_group = config.get('ipadefaultprimarygroup')
-                group_dn = self.api.Object['group'].get_dn(def_primary_group)
-                try:
-                    (group_dn, group_attrs) = ldap.get_entry(group_dn, ['gidnumber'])
-                except errors.NotFound:
-                    error_msg = 'Default group for new users not found.'
-                    raise errors.NotFound(reason=error_msg)
-                entry_attrs['gidnumber'] = group_attrs['gidnumber']
+        if options.get('noprivate', False) or not ldap.has_upg():
+            # we're adding new users to a default group, get its gidNumber
+            # get default group name from config
+            def_primary_group = config.get('ipadefaultprimarygroup')
+            group_dn = self.api.Object['group'].get_dn(def_primary_group)
+            try:
+                (group_dn, group_attrs) = ldap.get_entry(group_dn, ['gidnumber'])
+            except errors.NotFound:
+                error_msg = 'Default group for new users not found.'
+                raise errors.NotFound(reason=error_msg)
+            if 'gidnumber' not in group_attrs:
+                error_msg = 'Default group for new users is not POSIX.'
+                raise errors.NotFound(reason=error_msg)
+            entry_attrs['gidnumber'] = group_attrs['gidnumber']
 
         if 'userpassword' not in entry_attrs and options.get('random'):
             entry_attrs['userpassword'] = ipa_generate_password(user_pwdchars)
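Review bot: The rewritten block no longer checks `'gidnumber' not in entry_attrs`, so with `--noprivate` (or when `ldap.has_upg()` is false) a gidNumber passed explicitly by the caller is overwritten by the default group's GID at `entry_attrs['gidnumber'] = group_attrs['gidnumber']`. Since the primary GID decides group-based file access, silently replacing an administrator-chosen value is worth avoiding; `entry_attrs.setdefault('gidnumber', group_attrs['gidnumber'])` would keep the new POSIX check while preserving an explicit value. The removed UPG branch that set `gidnumber` to `uidnumber` has no replacement in this hunk, so presumably that assignment now happens elsewhere; the callback body starts and ends outside the hunk, so this should be confirmed there. A short comment above the new `if` explaining why the default group is looked up even when a GID was supplied would also help if the override is intentional.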
-- 
1.7.7.6
