Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 455092 - Better handling if default group not found
Summary: Better handling if default group not found
Alias: None
Product: freeIPA
Classification: Retired
Component: ipa-server
Version: 1.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Rob Crittenden
QA Contact: Chandrasekar Kannan
Depends On:
Blocks: 453489
TreeView+ depends on / blocked
Reported: 2008-07-11 21:46 UTC by Rob Crittenden
Modified: 2015-01-04 23:33 UTC (History)
2 users (show)

Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2012-03-27 07:16:11 UTC

Attachments (Terms of Use)
decent error message if default group not found (deleted)
2008-07-21 19:47 UTC, Rob Crittenden
no flags Details | Diff

Description Rob Crittenden 2008-07-11 21:46:23 UTC
Description of problem:

When adding a user we attempt to add the user to the default user's group.

If the search for this group fails then adding the user will fail as well.

Currently ipa-adduser will fail with:

# ipa-adduser -f Test -l User testuser
* not found

We should at minimum provide a better error message

Comment 1 Simo Sorce 2008-07-12 15:28:17 UTC
Should we instead make ipausers undeletable ?

Comment 2 Rob Crittenden 2008-07-14 12:34:37 UTC
No. There is no need to require that the group of "everyone" be ipausers.

He put in a perfectly legal group. The problem is that the add_user code assumes
the location in the DIT of the group and constructs the DN. What I will probably
do is store the DN of the default group instead, assuming it doesn't cause too
much grief with installation and I can figure out a way to handle both cases.

What I wanted to avoid is a search for the group whenever a user is added.

Comment 3 Rob Crittenden 2008-07-21 19:47:42 UTC
Created attachment 312294 [details]
decent error message if default group not found

The wrong exception was being used to catch the LDAP not found.

Comment 4 Rob Crittenden 2008-07-23 14:14:26 UTC
master: 23fab304e97d4b275037e066ab93c44e0ed8ae96

Comment 5 Jenny Galipeau 2008-11-25 14:38:01 UTC
Fix Verified:

Can't delete default group via webgui or ipa-delgroup.  If you delete the group with ldapmodify and try to add a user - you get a descriptive error message.

[root@jennyv3 /]# ipa-adduser jack
First name: Jack
Last name: O'Lantern
The default group for new users, 'test', cannot be found.
[root@jennyv3 /]# ipa-finduser jack
No entries found for jack

Note You need to log in before you can comment on or make changes to this bug.