[Freeipa-devel] [PATCH] 964 catch connection exceptions

Rob Crittenden rcritten at redhat.com
Thu Feb 23 22:32:57 UTC 2012


The call to create_connection in the backend was outside a try/except so 
we would miss public ACI errors. This will catch them.

To test this you can delete the S4U2Proxy delegation:

$ ldapmodify -x -D 'cn=directory manager' -W
LDAP Password:
dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX
changetype: modify
delete: memberPrincipal

$ kinit admin
$ ipa user-show admin
ipa: ERROR: Insufficient access: KDC returned NOT_ALLOWED_TO_DELEGATE

To fix your instance run:

# ipa-ldap-updater --ldapi /usr/share/ipa/updates/30-s4u2proxy.update

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-964-exception.patch
Type: text/x-diff
Size: 1972 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120223/7de25d4f/attachment.bin>

