group-add-member fails with an external member

The command ipa group-add-member --external aduser@addomain.test fails with an internal error when used with samba 4.19. The command internally calls samba.security.dom_sid(sid) which used to raise a TypeError but now raises a ValueError (commit 9abdd67 on https://github.com/samba-team/samba). IPA source code needs to handle properly both exception types. Fixes: https://pagure.io/freeipa/issue/9466 Signed-off-by: Florence Blanc-Renaud <flo@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
progier389 · Oct 19, 2023 · d50624d · d50624d
1 parent 9d49f40
commit d50624d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
@@ -303,7 +303,7 @@ def get_domain_by_sid(self, sid, exact_match=False):
         # Parse sid string to see if it is really in a SID format
         try:
             test_sid = security.dom_sid(sid)
-        except TypeError:
+        except (TypeError, ValueError):
             raise errors.ValidationError(name='sid',
                                          error=_('SID is not valid'))