Red Hat Bugzilla – Bug 455092
Better handling if default group not found
Last modified: 2015-01-04 18:33:22 EST
Description of problem:
When adding a user we attempt to add the user to the default user's group.
If the search for this group fails then adding the user will fail as well.
Currently ipa-adduser will fail with:
# ipa-adduser -f Test -l User testuser
* not found
We should at minimum provide a better error message.
Should we instead make ipausers undeletable?
No. There is no need to require that the group of "everyone" be ipausers.
He put in a perfectly legal group. The problem is that the add_user code assumes
the location in the DIT of the group and constructs the DN. What I will probably
do is store the DN of the default group instead, assuming it doesn't cause too
much grief with installation and I can figure out a way to handle both cases.
What I wanted to avoid is a search for the group whenever a user is added.
Created attachment 312294
decent error message if default group not found
The wrong exception was being used to catch the LDAP not found.
Can't delete default group via webgui or ipa-delgroup. If you delete the group with ldapmodify and try to add a user - you get a descriptive error message.
[root@jennyv3 /]# ipa-adduser jack
First name: Jack
Last name: O'Lantern
The default group for new users, 'test', cannot be found.
[root@jennyv3 /]# ipa-finduser jack
No entries found for jack
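The two approaches discussed in the comments above (building the default group's DN from an assumed location versus storing the DN and reporting a clear error when it does not resolve), as an added example that is not the project's code or the attached patch. A dict stands in for the LDAP directory; the container DNs, the `dc=example,dc=com` suffix, the exception classes and all function names are assumptions made for the illustration.

```python
class NotFound(Exception):
    """Hypothetical stand-in for the directory's 'no such entry' error."""

class DefaultGroupMissing(Exception):
    """Operator-readable failure raised before any user entry is written."""

GROUP_CONTAINER = "cn=groups,cn=accounts,dc=example,dc=com"  # assumed layout
USER_CONTAINER = "cn=users,cn=accounts,dc=example,dc=com"    # assumed layout

def get_entry(directory, dn):
    if dn not in directory:
        raise NotFound(dn)
    return directory[dn]

def _create_user(directory, uid, group):
    user_dn = f"uid={uid},{USER_CONTAINER}"
    directory[user_dn] = {"uid": uid}
    group["member"].append(user_dn)
    return user_dn

def add_user_constructed_dn(directory, uid, default_group_cn):
    """Pattern from the report: build the group DN from an assumed location."""
    group = get_entry(directory, f"cn={default_group_cn},{GROUP_CONTAINER}")
    return _create_user(directory, uid, group)

def add_user_stored_dn(directory, uid, default_group_dn):
    """Use the stored DN as-is and resolve it before writing anything."""
    try:
        group = get_entry(directory, default_group_dn)
    except NotFound:
        cn = default_group_dn.split(",", 1)[0].partition("=")[2]  # naive RDN parse
        raise DefaultGroupMissing(
            f"The default group for new users, '{cn}', cannot be found.") from None
    return _create_user(directory, uid, group)

def outcome(fn, *args):  # the call's result, or the exception it raised
    try:
        return fn(*args)
    except (NotFound, DefaultGroupMissing) as exc:
        return exc

def demo():
    # Constructed directory: default group 'test' sits outside GROUP_CONTAINER.
    test_dn = "cn=test,ou=custom,dc=example,dc=com"
    directory = {test_dn: {"member": []}}
    constructed = outcome(add_user_constructed_dn, directory, "jack", "test")
    stored = outcome(add_user_stored_dn, directory, "jill", test_dn)
    del directory[test_dn]  # group removed out of band, as with ldapmodify
    missing = outcome(add_user_stored_dn, directory, "jack", test_dn)
    return constructed, stored, str(missing), sorted(directory)
```

Because the group is resolved before the user entry is written, a missing default group leaves no partial `jack` entry behind, matching the empty `ipa-finduser` result in the verification above.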