From f956fa7161bb855d165e2ab6b9b013c15cc6e5b2 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Mon, 28 Nov 2016 02:35:19 +0100
Subject: [PATCH] [enh] Adding check that user is actually created + minor refactor of ldap/auth init
---
 locales/en.json | 1 +
 src/yunohost/tools.py | 31 +++++++++++++++++++++----------
 2 files changed, 22 insertions(+), 10 deletions(-)
diff --git a/locales/en.json b/locales/en.json
index e939b26fa..5bc3b7bdb 100644
--- a/locales/en.json
+++ b/locales/en.json
@@ -114,6 +114,7 @@
 "ip6tables_unavailable": "You cannot play with ip6tables here. You are either in a container or your kernel does not support it.",
 "iptables_unavailable": "You cannot play with iptables here. You are either in a container or your kernel does not support it.",
 "ldap_initialized": "LDAP has been initialized",
+ "ldap_init_failed_to_create_admin": "LDAP initialization failed to create admin. Aborting.",
 "license_undefined": "undefined",
 "mail_alias_remove_failed": "Unable to remove mail alias '{mail:s}'",
 "mail_domain_unknown": "Unknown mail address domain '{domain:s}'",
diff --git a/src/yunohost/tools.py b/src/yunohost/tools.py
index 7d7d8d0cc..671a7304c 100644
--- a/src/yunohost/tools.py
+++ b/src/yunohost/tools.py
@@ -33,6 +33,7 @@ import json
 import errno
 import logging
 import subprocess
+import pwd
 from collections import OrderedDict
 import apt
@@ -53,12 +54,20 @@ apps_setting_path= '/etc/yunohost/apps/'
 logger = getActionLogger('yunohost.tools')
-def tools_ldapinit(auth):
+def tools_ldapinit():
 """ YunoHost LDAP initialization """
+
+ # Instantiate LDAP Authenticator
+ auth = init_authenticator(('ldap', 'default'),
+ {'uri': "ldap://localhost:389",
+ 'base_dn': "dc=yunohost,dc=org",
+ 'user_rdn': "cn=admin" })
+ auth.authenticate('yunohost')
+ with open('/usr/share/yunohost/yunohost-config/moulinette/ldap_scheme.yml') as f:
 ldap_map = yaml.load(f)
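Review bot: Removing the `auth` parameter from `tools_ldapinit` breaks every caller that still passes an authenticator, and the diffstat lists only `tools.py` and `en.json`, so any action-map entry or other caller outside this file is presumably untouched and should be checked. A backward-compatible form would be `def tools_ldapinit(auth=None):` with the authenticator built only `if auth is None:`. The function now also binds as `cn=admin` with the literal bootstrap password `'yunohost'` and (per the later hunk) returns that authenticated handle, so the docstring should say so, e.g. `Initialize the YunoHost LDAP tree using the default admin bind and return the authenticated LDAP handle.` The body of `tools_ldapinit` continues past the end of this hunk.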
@@ -83,10 +92,19 @@ def tools_ldapinit(auth):
 }
 auth.update('cn=admin', admin_dict)
+
+ # Force nscd to refresh cache to take admin creation into account
 subprocess.call(['nscd', '-i', 'passwd'])
- logger.success(m18n.n('ldap_initialized'))
+ # Check admin actually exists now
+ try:
+ pwd.getpwnam("admin")
+ except KeyError:
+ raise MoulinetteError(errno.EINVAL,
+ m18n.n('ldap_init_failed_to_create_admin'))
+ logger.success(m18n.n('ldap_initialized'))
+ return auth
 def tools_adminpw(auth, new_password):
 """
@@ -193,16 +211,9 @@ def tools_postinstall(domain, password, ignore_dyndns=False):
 logger.info(m18n.n('yunohost_installing'))
- # Instantiate LDAP Authenticator
- auth = init_authenticator(('ldap', 'default'),
- {'uri': "ldap://localhost:389",
- 'base_dn': "dc=yunohost,dc=org",
- 'user_rdn': "cn=admin" })
- auth.authenticate('yunohost')
- # Initialize LDAP for YunoHost
 # TODO: Improve this part by integrate ldapinit into conf_regen hook
- tools_ldapinit(auth)
+ auth = tools_ldapinit()
 # Create required folders
 folders_to_create = [
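Review bot: The new `pwd.getpwnam("admin")` check depends on the `nscd -i passwd` invalidation just above it, yet the exit status of that `subprocess.call` is discarded, so a failed cache flush would presumably surface as `ldap_init_failed_to_create_admin` even though the LDAP write succeeded. I would keep the status, `rc = subprocess.call(['nscd', '-i', 'passwd'])`, and log a warning when `rc != 0` before running the lookup. The check also only proves that NSS resolves a user named admin; it does not confirm the entry came from the LDAP directory just populated, which a comment such as `# NOTE: resolves via NSS; a local passwd entry named admin would also satisfy this` would make explicit. The start of `tools_ldapinit` lies outside this hunk.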