[Freeipa-devel] [PATCH] 355 Avoid internal error when user is not Trust admin

Martin Kosek mkosek at redhat.com
Wed Feb 20 08:15:40 UTC 2013


On 02/19/2013 10:19 PM, Rob Crittenden wrote:
> Martin Kosek wrote:
>> On 01/24/2013 12:01 PM, Martin Kosek wrote:
>>> When user tries to perform any action requiring communication with
>>> trusted domain, IPA server tries to retrieve a trust secret on his
>>> behalf to be able to establish the connection. This happens for
>>> example during group-add-member command when external user is
>>> being resolved in the AD.
>>>
>>> When user is not member of Trust admins group, the retrieval crashes
>>> and reports internal error. Catch this exception and rather report
>>> properly formatted ACIError.
>>>
>>> ----
>>>
>>> I hit this error after updating to the latest FreeIPA version with the AD CVE
>>> fixed.
>>>
>>> Martin
>>>
>>
>> I filed a ticket to not lose this fix and patch. Attaching an updated patch
>> with ticket URL in description.
>>
>> Martin
>>
> 
> 
> The patch fixes the problem but the error is untranslated:
> 
>     member group: AD\Domain Admins: Insufficient access: Gettext('communication
> with trusted domains is allowed for Trusts administrator group members only',
> domain='ipa', localedir=None)
> 
> rob

I think this is just because this string is not in our ipa.pot file yet (will
be when we do Transifex refresh).

Martin



