[Freeipa-devel] [PATCH] 355 Avoid internal error when user is not Trust admin
Rob Crittenden
rcritten at redhat.com
Tue Feb 19 21:19:05 UTC 2013
Martin Kosek wrote:
> On 01/24/2013 12:01 PM, Martin Kosek wrote:
>> When user tries to perform any action requiring communication with
>> trusted domain, IPA server tries to retrieve a trust secret on his
>> behalf to be able to establish the connection. This happens for
>> example during group-add-member command when external user is
>> being resolved in the AD.
>>
>> When user is not member of Trust admins group, the retrieval crashes
>> and reports internal error. Catch this exception and rather report
>> properly formatted ACIError.
>>
>> ----
>>
>> I hit this error after updating to the latest FreeIPA version with the AD CVE
>> fixed.
>>
>> Martin
>>
>
> I filed a ticket to not loose this fix and patch. Attaching an updated patch
> with ticket URL in description.
>
> Martin
>
The patch fixes the problem but the error is untranslated:
member group: AD\Domain Admins: Insufficient access:
Gettext('communication with trusted domains is allowed for Trusts
administrator group members only', domain='ipa', localedir=None)
rob
More information about the Freeipa-devel
mailing list