IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

aci ui

Browse Source 
Implements the role, privilege, permission, delegation and selfservice entities ui.

Targetgroup has been added to the object types.
The groups lists need to be filter.  The filter is currently hidden, with a
hyperlink that reads 'filter' to unhide it.  Each keystroke in this filter
performs an AJAX request to the server.

There are bugs on the server side that block some of the functionality from
completing

Creating a Permission requires one of 4 target types. The add dialog in this
version assumes the user will want to create a filter type. They can change
this on the edit page.

Most search results come back with the values as arrays, but ACIs seem not to.
Search and details both required special code to handle non-arrays.

The unit tests now make use of the 'module' aspect of QUnit.  This means that
future unit test will also need to specify the module.  The advantage is that
multiple tests can share a common setup and teardown.

Bugs that need to be fixed before this works 100% are
https://fedorahosted.org/freeipa/ticket/634
https://fedorahosted.org/freeipa/ticket/633
This commit is contained in:
Adam Young 2010-10-25 19:55:57 -04:00
parent fc4ce7dc8c
commit 07ace112af
43 changed files with 3168 additions and 379 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
install/static/Makefile.am
View File

@ -8,6 +8,7 @@ SUBDIRS = \
appdir = $(IPA_DATA_DIR)/static
app_DATA = \
aci.js \
add.js \
associate.js \
ipa_logo_180x50.png \

868
install/static/aci.js Normal file
View File

@ -0,0 +1,868 @@
/* Authors:
* Adam Young <ayoung@redhat.com>
*
* Copyright (C) 2010 Red Hat
* see file 'COPYING' for use and warranty information
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; version 2 only
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/* REQUIRES: ipa.js, details.js, search.js, add.js, entity.js */
/*TODO Merge this code into the attribtue table widget */
IPA.populate_attribute_table = function (table, entity){
var attr_per_col = 400;
var aciattrs = IPA.metadata[entity].aciattrs;
var col_span = aciattrs.length / attr_per_col + 1;
$('tbody tr', table).remove();
var tbody = $('tbody',table);
var td;
for (var a = 0; a < aciattrs.length ; a += 1){
var aci_tr = $('<tr/>').appendTo(tbody);
td = $('<td/>').appendTo(aci_tr);
td.append($('<input/>',{
type:"checkbox",
id:'aciattr-'+aciattrs[a].toLowerCase(),
"class":'aci-attribute'
}));
td.append($('<label/>',{
text:aciattrs[a].toLowerCase()}));
}
}
IPA.attribute_table_widget= function (spec){
var id = spec.name;
var that = ipa_widget(spec);
var object_type = spec.objecttype || 'user';
var table;
that.create = function(container){
var dd = $('<dd/>').appendTo(container);
table = $('<table/>',{
id:id,
'class':'search-table'}).
append('<thead/>').
append($('<tbody/>',{
style:"height:30em; overflow:auto;"
})).
appendTo(dd);
$('<tr></tr>').
append($('<th/>',{
style:"height:2em; vertical-align:bottom;",
html:$('<input/>',{
type: "checkbox",
click: function(){
$('.aci-attribute').
attr('checked', $(this).attr('checked'));
}}).
after('<label>Attribute</lable>')
})).
appendTo($('thead', table));
IPA.populate_attribute_table(table, object_type);
};
that.save = function(){
var attrs_boxes = $('table#'+id+" td :checked");
if (!attrs_boxes.length){
return [];
}
var retval = "";
for (var i = 0; i < attrs_boxes.length; i += 1){
if (i > 0){
retval += ',';
}
retval += attrs_boxes[i].id.substring("aciattr-".length);
}
return [retval];
}
var attrs = [];
that.reset =function(){
$('input[type=checkbox]', table).attr('checked','');
for (var i = 0; i < attrs.length; i+=1){
$(attrs[i], table).attr('checked','checked');
}
}
that.load = function(record){
if (!record.attrs) return;
attrs = [];
for (var i = 0; i < record.attrs.length; i+=1){
attrs.push('#aciattr-' +record.attrs[i]);
}
that.reset();
}
return that;
}
IPA.entity_select_widget = function(spec){
var that = ipa_widget(spec);
var entity = spec.entity || 'group';
function populate_select(value){
var selected = value;
function find_success(result){
$('option', that.entity_select).remove();
var entities = result.result.result;
for (var i =0; i < result.result.count; i +=1){
var option =
that.entity_select.append($('<option/>',{
text:entities[i].cn[0],
value:entities[i].cn[0]
}));
if (selected === entities[i].cn[0]){
option.attr('selected','selected');
}
}
}
function find_error(err){
}
ipa_command({
method: entity+'_find',
args:[that.entity_filter.val()],
options:{},
on_success:find_success,
on_error:find_error,
}).execute();
}
that.create = function(container){
var dd = $('<dd/>').appendTo(container);
that.entity_select = $('<select/>', {
id: that.name + '-entity-select',
change: function(){
}
}).appendTo(dd);
that.entity_filter = $('<input/>',{
size:10,
type: 'text',
id: 'entity_filter',
style: 'display: none;',
keypress: function(){
populate_select();
}
}).appendTo(dd);
$('<a />',{
href:"",
text: 'filter: ',
click:function(){
that.entity_filter.css('display','inline');
$(this).css('display','none');
return false;
}
}).appendTo(dd);
}
var value = '';
that.reset = function(){
that.entity_filter.val(value );
populate_select(value);
}
that.load = function(record){
value = record[that.name];
that.reset();
}
that.save = function(){
return [$('option:selected', that.entity_select).val()];
}
return that;
}
IPA.rights_widget = function(spec){
var rights = ['write','add','delete'];
var that = ipa_widget({name:'permissions',label:'Permissions'});
that.id = spec.id;
that.create = function(container){
for (var i =0; i < rights.length; i += 1){
$("<dd/>").
append($('<input/>',{
type:'checkbox',
'class':that.entity_name +"_"+ that.name,
'id':rights[i],
value:rights[i]
})).
append($('<label/>',{
text:rights[i]
})).
appendTo(container);
}
}
var values = [];
that.reset = function(){
var selector = '.'+ that.entity_name +"_"+ that.name;
var checkboxes = $(selector);
for (var i = 0; i < checkboxes.length; i +=1){
checkboxes.attr('checked','');
}
for (var i = 0; i < values.length; i +=1){
var value = values[i];
var cb = $('#'+value+ selector);
cb.attr('checked', 'checked');
}
}
that.load = function(record) {
values = record[that.name] || [];
that.reset();
}
that.save = function(){
var rights_input = $('.'+ that.entity_name +"_"+ that.name);
var retval = "";
for (var i =0; i < rights_input.length; i+=1){
if (i > 0) {
retval += ',';
}
retval += rights_input[i].value;
}
return [retval];
}
return that;
}
function ipa_rights_section() {
var spec = {'name':'rights',
'label': 'Rights'}
var that = ipa_details_section(spec);
that.add_field(IPA.rights_widget({name:'permissions'}));
return that;
}
function ipa_target_section() {
var spec = {'name':'target',
'label': 'Target'}
var that = ipa_details_section(spec);
var groupings = ['aci_by_type', 'aci_by_query', 'aci_by_group',
'aci_by_filter' ];
var inputs = ['input', 'select', 'textarea'];
function disable_inputs(){
for (var g = 0; g < groupings.length; g += 1 ){
for (var t = 0 ; t < inputs.length; t += 1){
$('.' + groupings[g] + ' '+ inputs[t]).
attr('disabled', 'disabled');
}
}
}
function enable_by(grouping){
for (var t = 0 ; t < inputs.length; t += 1){
$('.' + grouping + ' '+ inputs[t]).
attr('disabled', '');
}
}
function display_filter_target(dl){
$("<dt/>").
append($("<label/>",{
text: "Filter",
})).
append($('<input/>',{
type:"radio",
name:"type",
checked:"true",
id:"aci_by_filter"
})).appendTo(dl);
$('<dd/>',{
'class': 'aci_by_filter first'}).
append($('<input />',{
disabled:'true',
type:'text',
id:'aci_filter'
})).
appendTo(dl);
}
function display_type_target(dl){
$("<dt/>").
append($("<label/>",{
text: "Object By Type ",
})).
append($('<input/>',{
type:"radio",
name:"type",
checked:"true",
id:"aci_by_type"
})).appendTo(dl);
var dd = $('<dd/>',{
"class":"aci_by_type first",
}).appendTo(dl);
var type_select = $('<select/>', {
id: 'object_type_select',
change: function(){
var attribute_table = $('#aci_attributes_table');
IPA.populate_attribute_table(
attribute_table, this.options[this.selectedIndex].value);
}
}).appendTo(dd);
var type_params=ipa_get_param_info("permission","type");
for (var pc =0; pc < type_params.values.length; pc += 1){
type_select.append($('<option/>',{
value: type_params.values[pc],
text: type_params.values[pc]
}));
}
dd = $('<dd />',{
"class":"aci_by_type other"}).appendTo(dl);
var attribute_table = IPA.attribute_table_widget(
{name:'aci_attributes_table',object_type:'user'});
attribute_table.create(dl);
}
function display_query_target(dl){
$('<dt/>').
append($('<label />',{ html: 'By Subtree'} )).
append($('<input />',{
type:"radio",
name:"type",
id:"aci_by_query" })).
appendTo(dl);
$("<dd/>",{
"class":'aci_by_query first'}).append($('<textarea />',{
id: 'aci_query_text',
cols:'30',
rows:'1'})) .appendTo(dl);
}
function populate_target_group_select(){
function find_success(result){
var groups = result.result.result;
for (var i =0; i < result.result.count; i +=1){
var option = groups[i].cn[0];
that.group_select.append($('<option/>',{
text:groups[i].cn[0],
value:groups[i].cn[0]
}));
}
}
function find_error(err){
}
$('option', that.group_select).remove();
ipa_command({
method:'group_find',
args:[that.group_filter.val()],
options:{},
on_success:find_success,
on_error:find_error}).execute();
}
function display_group_target(dl){
$('<dt/>' ).
append($('<label />',{
html: 'Target Group'} )).
append($('<input />',{
type:"radio",
name:"type",
id:"aci_by_group" })).
appendTo(dl);
that.group_filter = $('<input/>',{
type: 'text',
id: 'group_filter',
});
that.group_select = $('<select/>', {
id: 'aci_target_group_select',
change: function(){
}
});
$("<dd/>",{
'class':'aci_by_group first'
}).
append(that.group_filter).
append($('<label>Group Filter</label>')).
appendTo(dl);
$("<dd/>",{
'class':'aci_by_group other'
}).
append(that.group_select).
appendTo(dl);
}
that.create = function(container) {
dl = $('<dl class="entryattrs"/>').appendTo(container);
display_filter_target(dl);
display_query_target(dl);
display_group_target(dl);
display_type_target(dl);
$('#aci_by_filter', dl).click(function (){
disable_inputs();
enable_by(groupings[3]);
});
$('#aci_by_type', dl).click(function (){
disable_inputs();
enable_by(groupings[0]);
});
$('#aci_by_query', dl).click(function (){
disable_inputs();
enable_by(groupings[1]);
});
$('#aci_by_group', dl).click(function (){
disable_inputs();
enable_by(groupings[2]);
populate_target_group_select();
});
$('#aci_by_query', dl).click();
};
that.setup = function(container) {
}
that.load = function(result) {
if(result.subtree){
$('#aci_query_text').val(result.subtree);
$('#aci_by_query').click();
}else if(result.type){
$('#aci_by_type').click();
$('#object_type_select').val(result.type);
IPA.populate_attribute_table($('#aci_attributes_table'),
result.type);
if (result.attrs){
for (var a = 0; a < result.attrs.length; a += 1){
var cb = $('#aciattr-'+result.attrs[a]);
if (!cb.length){
alert('unmatched:'+result.attrs[a]);
}
cb.attr('checked',true);
}
}
}else if (result.targetgroup){
var segments = result.targetgroup.split(/,/);
var targetgroup=segments[0].split(/=/)[1];
that.group_filter.val( targetgroup);
$('#aci_by_group').click();
}else if (result.filter){
$('#aci_by_filter').click();
$('#aci_filter').val(result.filter);
}else{
alert('permission with invalid target specification');
}
}
that.reset = function() {
};
that.save = function (record){
var record_type = $("input[name='type']:checked").attr('id');
if (record_type === 'aci_by_group'){
record.targetgroup =
$('#aci_target_group_select option:selected').val();
}else if (record_type === 'aci_by_type'){
record.type = $('#object_type_select option:selected').val();
}else if (record_type === 'aci_by_query'){
record.subtree = $('#aci_query_text').val();
}else if (record_type === 'aci_by_filter'){
var filter = $('#aci_filter').val();
record.filter = filter;
}
var attrs = $('.aci-attribute:checked').each(function(){
var id = this.id.split('-')[1];
if (!record.attributes){
record.attributes = "";
}else{
record.attributes += ",";
}
record.attributes += id;
});
}
return that;
}
function ipa_permission() {
var that = ipa_entity({
'name': 'permission'
});
that.init = function() {
var dialog = ipa_permission_add_dialog({
name: 'add',
title: 'Add New Permission',
entity_name: 'permission'
});
that.add_dialog(dialog);
dialog.init();
var facet = ipa_permission_search_facet({
name: 'search',
label: 'Search'
});
that.add_facet(facet);
facet = ipa_permission_details_facet();
that.add_facet(facet);
that.entity_init();
};
return that;
}
IPA.add_entity(ipa_permission());
function ipa_permission_add_dialog(spec) {
spec = spec || {};
var that = ipa_add_dialog(spec);
that.init = function() {
that.add_field(ipa_text_widget({
name: 'cn',
undo: false
}));
that.add_field(ipa_text_widget({
name: 'description',
undo: false
}));
that.add_field(IPA.rights_widget({name:'permissions'}));
that.add_field(ipa_text_widget({name:'filter'}));
that.add_dialog_init();
};
return that;
}
function ipa_permission_search_facet(spec) {
spec = spec || {};
var that = ipa_search_facet(spec);
that.init = function() {
that.create_column({name:'cn'});
that.create_column({name:'description'});
that.search_facet_init();
}
return that;
}
function ipa_permission_details_facet() {
var spec = {
name: 'details',
label: 'Details'
};
var that = ipa_details_facet(spec);
that.init = function() {
var section = that.add_section(ipa_details_list_section({
name:'identity',label:'Identity' }));
section.create_field({ name: 'cn', 'read_only': true });
section.create_field({ name: 'description'});
that.rights_section = ipa_rights_section();
that.add_section(that.rights_section);
that.target_section = ipa_target_section();
that.add_section(that.target_section);
that.details_facet_init();
};
that.superior_load = that.load;
that.load = function(result) {
that.superior_load(result);
}
that.superior_update = that.update;
that.update = function(on_win, on_fail){
that.superior_update(on_win, on_fail);
}
return that;
}
IPA.add_entity( function() {
var that = ipa_entity({
'name': 'privilege'
});
that.init = function() {
var search_facet = ipa_search_facet({
name: 'search',
label: 'Search',
entity_name: that.name
});
search_facet.create_column({name:'cn'});
search_facet.create_column({name:'description'});
that.add_facet(search_facet);
that.add_facet(function() {
var that = ipa_details_facet({name:'details',label:'Details'});
that.add_section(
ipa_stanza({name:'identity', label:'Privilege Details'}).
input({name:'cn'}).
input({name: 'description'}));
return that;
}());
var dialog = ipa_add_dialog({
name: 'add',
title: 'Add Privilege',
entity_name: that.entity
});
that.add_dialog(dialog);
dialog.add_field(ipa_text_widget({ name: 'cn', undo: false}));
dialog.add_field(ipa_text_widget({ name: 'description', undo: false}));
dialog.init();
that.create_association_facets();
that.entity_init();
};
return that;
}());
IPA.add_entity( function() {
var that = ipa_entity({
'name': 'role'
});
that.init = function() {
var search_facet = ipa_search_facet({
name: 'search',
label: 'Search',
entity_name: that.name
});
search_facet.create_column({name:'cn'});
search_facet.create_column({name:'description'});
that.add_facet(search_facet);
that.add_facet(function() {
var that = ipa_details_facet({name:'details',label:'Details'});
that.add_section(
ipa_stanza({name:'identity', label:'Role Details'}).
input({name:'cn'}).
input({name: 'description'}));
return that;
}());
var dialog = ipa_add_dialog({
name: 'add',
title: 'Add Role'
});
that.add_dialog(dialog);
dialog.add_field(ipa_text_widget({ name: 'cn', undo: false}));
dialog.add_field(ipa_text_widget({ name: 'description', undo: false}));
dialog.init();
that.create_association_facets();
that.entity_init();
};
return that;
}());
IPA.add_entity( function() {
var that = ipa_entity({
'name': 'selfservice'
});
that.add_facet(function () {
var spec = {
name: 'search',
label: 'Search'
};
var that = ipa_search_facet(spec);
that.init = function() {
that.create_column({name:'aciname'});
that.search_facet_init();
}
return that;
}());
that.add_facet(function(){
var that = ipa_details_facet({'name':'details',label:'Details'});
that.init = function() {
that.add_section(
ipa_stanza({name:'general', label:'General'}).
input({name:'aciname'}).
custom_input(IPA.rights_widget({name:'permissions'})).
custom_input(IPA.attribute_table_widget({
object_type:'user',
name:'attrs'
}))
);
}
return that;
}());
that.parent_init = that.init;
that.init = function(){
that.parent_init();
var dialog = ipa_add_dialog({
name: 'add',
title: 'Add Self Service Definition'
});
that.add_dialog(dialog);
dialog.add_field(ipa_text_widget({ name: 'aciname', undo: false}));
dialog.add_field(IPA.rights_widget({name:'permissions'}));
dialog.add_field(IPA.attribute_table_widget({
object_type:'user',
name:'attrs'
}));
dialog.init();
}
return that;
}());
IPA.add_entity( function() {
var that = ipa_entity({
'name': 'delegation'
});
that.add_facet(function () {
var spec = {
name: 'search',
label: 'Search'
};
var that = ipa_search_facet(spec);
that.init = function() {
that.create_column({name:'aciname'});
that.search_facet_init();
}
return that;
}());
that.add_facet(function(){
var that = ipa_details_facet({'name':'details',label:'Details'});
var section =
ipa_stanza({name:'general', label:'General'}).
input({name:'aciname'}).
custom_input(IPA.entity_select_widget(
{name:'group', entity:'group'})).
custom_input(IPA.entity_select_widget(
{name:'memberof', entity:'group'})).
custom_input(
IPA.rights_widget({
id:'delegation_rights'})).
custom_input(
IPA.attribute_table_widget({
name:'attrs'}));
that.add_section(section);
return that;
}());
that.super_init = that.init;
that.init = function(){
that.super_init();
var dialog = ipa_add_dialog({
name: 'add',
title: 'Add Delegation',
entity_name: that.entity
});
that.add_dialog(dialog);
dialog.add_field(ipa_text_widget({ name: 'aciname', undo: false}));
dialog.add_field(IPA.entity_select_widget({name:'group',
entity:'group'}));
dialog.add_field(IPA.entity_select_widget({name:'memberof',
entity:'group'}));
dialog.add_field(IPA.attribute_table_widget({ name: 'attrs'}));
dialog.init();
that.create_association_facets();
}
return that;
}());

32
install/static/add.js
View File

@ -88,24 +88,34 @@ function ipa_add_dialog(spec) {
that.dialog_init();
};
that.add = function(record, on_success, on_error) {
/* Fields that are not displayed directly, but that are managed by
another mechanism, such as the ACI permissions*/
that.additional_fields = [];
that.additional_field = function(field) {
that.additional_fields.push(field);
}
function save_field(field, record, args, options){
var pkey_name = IPA.metadata[that.entity_name].primary_key;
var value = record[field.name];
if (!value) return;
if (field.name == pkey_name) {
args.push(value);
} else {
options[field.name] = value;
}
}
that.add = function(record, on_success, on_error) {
var args = [];
var options = {};
for (var i=0; i<that.fields.length; i++) {
var field = that.fields[i];
var value = record[field.name];
if (!value) continue;
if (field.name == pkey_name) {
args.push(value);
} else {
options[field.name] = value;
}
save_field(that.fields[i], record, args, options);
}
for (var i=0; i<that.additional_fields.length; i++) {
save_field(that.additional_fields[i], record, args, options);
}
ipa_cmd('add', args, options, on_success, on_error, that.entity_name);

22
install/static/details.js
View File

@ -79,6 +79,15 @@ function ipa_details_field(spec) {
}
if (that.values) {
/*
Too much logic currently assumes an array.
This is true everywhere but ACIs. */
if (!(that.values instanceof Array)){
that.values = [that.values];
}
dd = ipa_create_first_dd(that.name);
dd.append(ipa_details_field_create_input.call(that, that.values[0], hint_span, rights, 0));
dd.appendTo(that.container);
@ -165,6 +174,7 @@ function ipa_details_section(spec){
field.entity_name = that.entity_name;
that.fields.push(field);
that.fields_by_name[field.name] = field;
return field;
};
that.create_field = function(spec) {
@ -396,6 +406,7 @@ function ipa_details_facet(spec) {
section.entity_name = that.entity_name;
that.sections.push(section);
that.sections_by_name[section.name] = section;
return section;
};
that.create_section = function(spec) {
@ -413,7 +424,11 @@ function ipa_details_facet(spec) {
that.get_primary_key = function() {
var pkey_name = IPA.metadata[that.entity_name].primary_key;
return that.record[pkey_name][0];
if (that.record[pkey_name] instanceof Array){
return that.record[pkey_name][0];
}else{
return that.record[pkey_name];
}
};
that.get_section_header_prefix = function(visible) {
@ -631,6 +646,11 @@ function ipa_details_update(on_win, on_fail)
for (var i=0; i<that.sections.length; i++) {
var section = that.sections[i];
if (section.save){
section.save(modlist);
continue;
}
var div = $('#'+that.entity_name+'-'+that.name+'-'+section.name, that.container);
for (var j=0; j<section.fields.length; j++) {

9
install/static/hbac.js
View File

@ -121,15 +121,6 @@ function ipa_hbac_search_facet(spec) {
that.search_facet_create(container);
container.children().last().prepend(
$('<h2/>', { 'html': IPA.metadata.hbac.label }));
container.children().last().prepend('<br/><br/>');
};
that.setup = function(container) {
that.search_facet_setup(container);
};
return that;

30
install/static/hbacsvc.js
View File

@ -86,36 +86,6 @@ function ipa_hbacsvc_search_facet(spec) {
that.search_facet_init();
};
that.create = function(container) {
that.search_facet_create(container);
container.children().last().prepend(
$('<h2/>', { 'html': IPA.metadata.hbacsvc.label }));
container.children().last().prepend('<br/><br/>');
};
that.setup = function(container) {
that.search_facet_setup(container);
var action_panel = that.get_action_panel();
var li = $('li[title=hbac]', action_panel);
li.click(function() {
var state = {};
state['hbac-entity'] = 'hbac';
nav_push_state(state);
return false;
});
li = $('li[title=hbacsvcgroup]', action_panel);
li.click(function() {
var state = {};
state['hbac-entity'] = 'hbacsvcgroup';
nav_push_state(state);
return false;
});
};
return that;
}

29
install/static/hbacsvcgroup.js
View File

@ -92,35 +92,6 @@ function ipa_hbacsvcgroup_search_facet(spec) {
that.search_facet_init();
};
that.create = function(container) {
that.search_facet_create(container);
container.children().last().prepend(
$('<h2/>', { 'html':IPA.metadata.hbacsvcgroup.label }));
container.children().last().prepend('<br/><br/>');
};
that.setup = function(container) {
that.search_facet_setup(container);
var action_panel = that.get_action_panel();
var li = $('li[title=hbac]', action_panel);
li.click(function() {
var state = {};
state['hbac-entity'] = 'hbac';
nav_push_state(state);
return false;
});
li = $('li[title=hbacsvc]', action_panel);
li.click(function() {
var state = {};
state['hbac-entity'] = 'hbacsvc';
nav_push_state(state);
return false;
});
};
return that;
}

1
install/static/index.html
View File

@ -35,6 +35,7 @@
<script type="text/javascript" src="sudocmd.js"></script>
<script type="text/javascript" src="sudocmdgroup.js"></script>
<script type="text/javascript" src="policy.js"></script>
<script type="text/javascript" src="aci.js"></script>
<script type="text/javascript" src="develop.js"></script>

5
install/static/search.js
View File

@ -352,6 +352,11 @@ function ipa_search_facet(spec) {
var span = $('<span/>', { 'name': 'search' }).appendTo(container);
that.table.create(span);
container.children().last().prepend(
$('<h2/>', { 'html': IPA.metadata[that.entity_name].label }));
container.children().last().prepend('<br/>');
}
function setup(container) {

24
install/static/serverconfig.js
View File

@ -23,30 +23,6 @@
/* ACI */
ipa_entity_set_search_definition('aci', [
['cn', 'ACI name', null]
]);
ipa_entity_set_add_definition('aci', [
'dialog-add-aci', 'Add New Aci', [
['cn', 'Name', null],
['description', 'Description', null],
]
]);
ipa_entity_set_details_definition('aci', [
ipa_stanza({name:'ipaserver', label:'Aci Details'}).
input({name:'cn', label:'Name'}).
input({name:'description', label:'Description'})
]);
/* Configuration */
ipa_entity_set_details_definition('config',[

32
install/static/sudocmd.js
View File

@ -86,38 +86,6 @@ function ipa_sudocmd_search_facet(spec) {
that.search_facet_init();
};
that.create = function(container) {
that.search_facet_create(container);
container.children().last().prepend(
$('<h2/>', { 'html': IPA.metadata.sudocmd.label }));
container.children().last().prepend('<br/><br/>');
};
that.setup = function(container) {
that.search_facet_setup(container);
var action_panel = that.get_action_panel();
var li = $('li[title=sudorule]', action_panel);
li.click(function() {
var state = {};
state['sudorule-entity'] = 'sudorule';
nav_push_state(state);
return false;
});
li = $('li[title=sudocmdgroup]', action_panel);
li.click(function() {
var state = {};
state['sudorule-entity'] = 'sudocmdgroup';
nav_push_state(state);
return false;
});
};
return that;
}

33
install/static/sudocmdgroup.js
View File

@ -92,39 +92,6 @@ function ipa_sudocmdgroup_search_facet(spec) {
that.search_facet_init();
};
that.create = function(container) {
that.search_facet_create(container);
container.children().last().prepend(
$('<h2/>', { 'html': IPA.metadata.sudocmdgroup.label }));
container.children().last().prepend('<br/><br/>');
};
that.setup = function(container) {
that.search_facet_setup(container);
var action_panel = that.get_action_panel();
var li = $('li[title=sudorule]', action_panel);
li.click(function() {
var state = {};
state['sudorule-entity'] = 'sudorule';
nav_push_state(state);
return false;
});
li = $('li[title=sudocmd]', action_panel);
li.click(function() {
var state = {};
state['sudorule-entity'] = 'sudocmd';
nav_push_state(state);
return false;
});
};
return that;
}

13
install/static/sudorule.js
View File

@ -86,19 +86,6 @@ function ipa_sudorule_search_facet(spec) {
that.search_facet_init();
};
that.create = function(container) {
that.search_facet_create(container);
container.children().last().prepend(
$('<h2/>', { 'html': IPA.metadata.sudorule.label }));
container.children().last().prepend('<br/><br/>');
};
that.setup = function(container) {
that.search_facet_setup(container);
};
return that;
}

33
install/static/test/aci_tests.html Executable file
View File

@ -0,0 +1,33 @@
<!DOCTYPE html>
<html>
<head>
<title>Access Control Interface Test Suite</title>
<link rel="stylesheet" href="qunit.css" type="text/css" media="screen">
<script type="text/javascript" src="qunit.js"></script>
<script type="text/javascript" src="../jquery.js"></script>
<script type="text/javascript" src="../jquery.ba-bbq.js"></script>
<script type="text/javascript" src="../jquery-ui.js"></script>
<script type="text/javascript" src="../ipa.js"></script>
<script type="text/javascript" src="../widget.js"></script>
<script type="text/javascript" src="../details.js"></script>
<script type="text/javascript" src="../search.js"></script>
<script type="text/javascript" src="../add.js"></script>
<script type="text/javascript" src="../entity.js"></script>
<script type="text/javascript" src="../associate.js"></script>
<script type="text/javascript" src="../navigation.js"></script>
<script type="text/javascript" src="../aci.js"></script>
<script type="text/javascript" src="aci_tests.js"></script>
</head>
<body>
<h1 id="qunit-header">Certificate Test Suite</h1>
<h2 id="qunit-banner"></h2>
<div id="qunit-testrunner-toolbar"></div>
<h2 id="qunit-userAgent"></h2>
<ol id="qunit-tests"></ol>
<div id="qunit-fixture"></div>
</body>
</html>

81
install/static/test/aci_tests.js Normal file
View File

@ -0,0 +1,81 @@
/* Authors:
* Endi Sukma Dewata <edewata@redhat.com>
*
* Copyright (C) 2010 Red Hat
* see file 'COPYING' for use and warranty information
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; version 2 only
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
var target_section;
var aci_container;
module('aci',{
setup: function() {
IPA.ajax_options.async = false;
IPA.init(
"data",
true,
function(data, text_status, xhr) {
ok(true, "ipa_init() succeeded.");
},
function(xhr, text_status, error_thrown) {
ok(false, "ipa_init() failed: "+error_thrown);
}
);
aci_container = $('<div id="aci"/>').appendTo(document.body);
target_section = ipa_target_section();
target_section.create(aci_container);
},
teardown: function() {
aci_container.remove();
}}
);
test("Testing aci grouptarget.", function() {
var sample_data_filter_only = {"targetgroup":"ipausers"};
target_section.load(sample_data_filter_only);
ok($('#aci_by_group')[0].checked, 'aci_by_group control selected');
ok ($('#aci_target_group_select option').length > 2,'group select populated');
});
test("Testing aci object type.", function() {
var sample_data_filter_only = {"type":"hostgroup"};
target_section.load(sample_data_filter_only);
ok($('.aci-attribute', aci_container).length > 4);
ok($('#aci_by_type')[0].checked, 'aci_by_type control selected');
});
test("Testing aci filter only.", function() {
var sample_data_filter_only = {"filter":"somevalue"};
target_section.load(sample_data_filter_only);
var filter_radio = $('#aci_by_filter');
ok(filter_radio.length,'find "filter_only_radio" control');
ok(filter_radio[0].checked,'filter_only_radio control is checked');
});

2
install/static/test/all_tests.html
View File

@ -16,12 +16,14 @@
<script type="text/javascript" src="../associate.js"></script>
<script type="text/javascript" src="../navigation.js"></script>
<script type="text/javascript" src="../certificate.js"></script>
<script type="text/javascript" src="../aci.js"></script>
<script type="text/javascript" src="ipa_tests.js"></script>
<script type="text/javascript" src="details_tests.js"></script>
<script type="text/javascript" src="entity_tests.js"></script>
<script type="text/javascript" src="association_tests.js"></script>
<script type="text/javascript" src="navigation_tests.js"></script>
<script type="text/javascript" src="certificate_tests.js"></script>
<script type="text/javascript" src="aci_tests.js"></script>
</head>
<body>
<h1 id="qunit-header">Complete Test Suite</h1>

2
install/static/test/certificate_tests.html
View File

@ -5,6 +5,8 @@
<link rel="stylesheet" href="qunit.css" type="text/css" media="screen">
<script type="text/javascript" src="qunit.js"></script>
<script type="text/javascript" src="../jquery.js"></script>
<script type="text/javascript" src="../jquery.ba-bbq.js"></script>
<script type="text/javascript" src="../jquery-ui.js"></script>
<script type="text/javascript" src="../ipa.js"></script>
<script type="text/javascript" src="../details.js"></script>
<script type="text/javascript" src="../search.js"></script>

2
install/static/test/certificate_tests.js
View File

@ -18,6 +18,8 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
module('certificate');
test("Testing certificate_parse_dn().", function() {
same(

115
install/static/test/data/aci_find.json
View File

@ -1,64 +1,63 @@
{
"error": null,
"id": 0,
"error": null,
"id": 6,
"result": {
"count": 54,
"count": 53,
"result": [
"(targetattr != \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey\")(version 3.0;acl \"Enable Anonymous access\";allow (read,search,compare) userdn = \"ldap:///anyone\";)",
"(targetattr != \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || ipaUniqueId\")(version 3.0;acl \"Admin can manage any entry\";allow (all) groupdn = \"ldap:///cn=admins,cn=groupss,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword\")(version 3.0;acl \"Self can write own password\";allow (write) userdn = \"ldap:///self\";)",
"(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"Admins can write passwords\";allow (add,delete,write) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"Password change service can read/write passwords\";allow (read,write) userdn = \"ldap:///krbprincipalname=kadmin/changepw@AYOUNG.BOSTON.DEVEL.REDHAT.COM,cn=AYOUNG.BOSTON.DEVEL.REDHAT.COM,cn=kerberos,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"userPassword || krbPrincipalKey || krbPasswordExpiration || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"KDC System Account can access passwords\";allow (all) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount\")(version 3.0;acl \"KDC System Account can update some fields\";allow (write) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"krbPrincipalName || krbCanonicalName || krbUPEnabled || krbMKey || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount\")(version 3.0;acl \"Only the KDC System Account has access to kerberos material\";allow (read,search,compare) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr != \"aci || userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaUniqueId\")(targetfilter = \"(|(objectClass=person)(objectClass=krbPrincipalAux)(objectClass=posixAccount)(objectClass=groupOfNames)(objectClass=posixGroup))\")(version 3.0;acl \"Account Admins can manage Users and Groups\";allow (add,delete,read,write) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength\")(targetfilter = \"(objectClass=krbPwdPolicy)\")(version 3.0;acl \"Admins can write password policies\";allow (read,search,compare,write) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory || ou\")(version 3.0;acl \"Self service\";allow (write) userdn = \"ldap:///self\";)",
"(targetattr = \"objectClass\")(target = \"ldap:///cn=certificate status,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Get Certificates status from the CA\";allow (write) groupdn = \"ldap:///cn=certificate_status,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Hosts\";allow (add) groupdn = \"ldap:///cn=addhostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Users\";allow (delete) groupdn = \"ldap:///cn=removeusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"member\")(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify group membership\";allow (write) groupdn = \"ldap:///cn=modifygroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Services\";allow (add) groupdn = \"ldap:///cn=addservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"cn || description\")(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Hosts\";allow (write) groupdn = \"ldap:///cn=modifyhostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Hosts\";allow (add) groupdn = \"ldap:///cn=addhosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Groups\";allow (add) groupdn = \"ldap:///cn=addgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"cn || description\")(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Roles\";allow (write) groupdn = \"ldap:///cn=modifyroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"memberhost || externalhost || memberuser || member\")(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify netgroup membership\";allow (write) groupdn = \"ldap:///cn=modifynetgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"userCertificate\")(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Services\";allow (write) groupdn = \"ldap:///cn=modifyservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove automount maps\";allow (delete) groupdn = \"ldap:///cn=removeautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove automount keys\";allow (delete) groupdn = \"ldap:///cn=removeautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Services\";allow (delete) groupdn = \"ldap:///cn=removeservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Users\";allow (add) groupdn = \"ldap:///cn=addusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory || ou || mepManagedEntry || objectclass\")(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Users\";allow (write) groupdn = \"ldap:///cn=modifyusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"member\")(target = \"ldap:///cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add user to default group\";allow (write) groupdn = \"ldap:///cn=add_user_to_default_group,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add automount keys\";allow (add) groupdn = \"ldap:///cn=addautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Remove entitlement entries\";allow (delete) groupdn = \"ldap:///cn=removeentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)",
"(targetattr = \"krbPrincipalName || enrolledBy || objectClass\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Enroll a host\";allow (write) groupdn = \"ldap:///cn=enroll_host,cn=taskgroups, cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"change_password\";allow (write) groupdn = \"ldap:///cn=change_password,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove netgroups\";allow (delete) groupdn = \"ldap:///cn=removenetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"description\")(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify netgroups\";allow (write) groupdn = \"ldap:///cn=modifynetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"member\")(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify role group membership\";allow (write) groupdn = \"ldap:///cn=modifyrolegroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"objectClass\")(target = \"ldap:///cn=request certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Request Certificates from the CA\";allow (write) groupdn = \"ldap:///cn=request_certs,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"userCertificate\")(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Modify entitlements\";allow (write) groupdn = \"ldap:///cn=modifyentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)",
"(targetattr = \"member\")(target = \"ldap:///cn=*,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify task group membership\";allow (write) groupdn = \"ldap:///cn=modifytaskgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Roles\";allow (add) groupdn = \"ldap:///cn=addroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"objectClass\")(target = \"ldap:///cn=certificate remove hold,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Certificate Remove Hold\";allow (write) groupdn = \"ldap:///cn=certificate_remove_hold,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Roles\";allow (delete) groupdn = \"ldap:///cn=removeroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add automount maps\";allow (add) groupdn = \"ldap:///cn=addautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"cn || description || l || location || nshardwareplatform || nsosversion\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Hosts\";allow (write) groupdn = \"ldap:///cn=modifyhosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Hosts\";allow (delete) groupdn = \"ldap:///cn=removehostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add netgroups\";allow (add) groupdn = \"ldap:///cn=addnetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Hosts\";allow (delete) groupdn = \"ldap:///cn=removehosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Add entitlements\";allow (add) groupdn = \"ldap:///cn=addentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)",
"(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Groups\";allow (delete) groupdn = \"ldap:///cn=removegroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"objectClass\")(target = \"ldap:///cn=retrieve certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Retrieve Certificates from the CA\";allow (write) groupdn = \"ldap:///cn=retrieve_certs,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"objectClass\")(target = \"ldap:///cn=revoke certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Revoke Certificate\";allow (write) groupdn = \"ldap:///cn=revoke_certificate,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"krbPrincipalKey || krbLastPwdChange\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Manage host keytab\";allow (write) groupdn = \"ldap:///cn=manage_host_keytab,cn=taskgroups, cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"cn || description || gidnumber || objectclass || mepManagedBy\")(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Groups\";allow (write) groupdn = \"ldap:///cn=modifygroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"member\")(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify host group membership\";allow (write) groupdn = \"ldap:///cn=modifyhostgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr != \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey\")(version 3.0;acl \"Enable Anonymous access\";allow (read,search,compare) userdn = \"ldap:///anyone\";)",
"(targetattr != \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || ipaUniqueId || memberOf || serverHostName || enrolledBy\")(version 3.0;acl \"Admin can manage any entry\";allow (all) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword\")(version 3.0;acl \"Self can write own password\";allow (write) userdn = \"ldap:///self\";)",
"(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"Admins can write passwords\";allow (add,delete,write) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"Password change service can read/write passwords\";allow (read,write) userdn = \"ldap:///krbprincipalname=kadmin/changepw@AYOUNG.BOSTON.DEVEL.REDHAT.COM,cn=AYOUNG.BOSTON.DEVEL.REDHAT.COM,cn=kerberos,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"userPassword || krbPrincipalKey || krbPasswordExpiration || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"KDC System Account can access passwords\";allow (all) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount\")(version 3.0;acl \"KDC System Account can update some fields\";allow (write) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"krbPrincipalName || krbCanonicalName || krbUPEnabled || krbMKey || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount\")(version 3.0;acl \"Only the KDC System Account has access to kerberos material\";allow (read,search,compare) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength\")(targetfilter = \"(objectClass=krbPwdPolicy)\")(version 3.0;acl \"Admins can write password policies\";allow (read,search,compare,write) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory || ou\")(version 3.0;acl \"Self service\";allow (write) userdn = \"ldap:///self\";)",
"(targetattr = \"objectClass\")(target = \"ldap:///cn=certificate status,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Get Certificates status from the CA\";allow (write) groupdn = \"ldap:///cn=certificate_status,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Users\";allow (delete) groupdn = \"ldap:///cn=removeusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"member\")(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify group membership\";allow (write) groupdn = \"ldap:///cn=modifygroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Services\";allow (add) groupdn = \"ldap:///cn=addservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"change_password\";allow (write) groupdn = \"ldap:///cn=change_password,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Groups\";allow (add) groupdn = \"ldap:///cn=addgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"cn || description\")(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Hostgroups\";allow (write) groupdn = \"ldap:///cn=modifyhostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"cn || description\")(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Roles\";allow (write) groupdn = \"ldap:///cn=modifyroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"memberhost || externalhost || memberuser || member\")(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify netgroup membership\";allow (write) groupdn = \"ldap:///cn=modifynetgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"userCertificate\")(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Services\";allow (write) groupdn = \"ldap:///cn=modifyservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Hostgroups\";allow (add) groupdn = \"ldap:///cn=addhostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove automount maps\";allow (delete) groupdn = \"ldap:///cn=removeautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove automount keys\";allow (delete) groupdn = \"ldap:///cn=removeautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Services\";allow (delete) groupdn = \"ldap:///cn=removeservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Users\";allow (add) groupdn = \"ldap:///cn=addusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"cn || description || l || location || nshardwareplatform || nsosversion\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Hosts\";allow (write) groupdn = \"ldap:///cn=modifyhosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"member\")(target = \"ldap:///cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add user to default group\";allow (write) groupdn = \"ldap:///cn=add_user_to_default_group,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Hostgroups\";allow (delete) groupdn = \"ldap:///cn=removehostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Remove entitlement entries\";allow (delete) groupdn = \"ldap:///cn=removeentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)",
"(targetattr = \"krbPrincipalName || enrolledBy || objectClass\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Enroll a host\";allow (write) groupdn = \"ldap:///cn=enroll_host,cn=taskgroups, cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Hosts\";allow (add) groupdn = \"ldap:///cn=addhosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove netgroups\";allow (delete) groupdn = \"ldap:///cn=removenetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"description\")(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify netgroups\";allow (write) groupdn = \"ldap:///cn=modifynetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"member\")(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify role group membership\";allow (write) groupdn = \"ldap:///cn=modifyrolegroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"objectClass\")(target = \"ldap:///cn=request certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Request Certificates from the CA\";allow (write) groupdn = \"ldap:///cn=request_certs,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"userCertificate\")(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Modify entitlements\";allow (write) groupdn = \"ldap:///cn=modifyentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)",
"(targetattr = \"member\")(target = \"ldap:///cn=*,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify task group membership\";allow (write) groupdn = \"ldap:///cn=modifytaskgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Roles\";allow (add) groupdn = \"ldap:///cn=addroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"objectClass\")(target = \"ldap:///cn=certificate remove hold,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Certificate Remove Hold\";allow (write) groupdn = \"ldap:///cn=certificate_remove_hold,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Roles\";allow (delete) groupdn = \"ldap:///cn=removeroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add automount maps\";allow (add) groupdn = \"ldap:///cn=addautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory || ou || mepManagedEntry || objectclass\")(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Users\";allow (write) groupdn = \"ldap:///cn=modifyusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add netgroups\";allow (add) groupdn = \"ldap:///cn=addnetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Hosts\";allow (delete) groupdn = \"ldap:///cn=removehosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Add entitlements\";allow (add) groupdn = \"ldap:///cn=addentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)",
"(target = \"ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add automount keys\";allow (add) groupdn = \"ldap:///cn=addautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Groups\";allow (delete) groupdn = \"ldap:///cn=removegroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"objectClass\")(target = \"ldap:///cn=retrieve certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Retrieve Certificates from the CA\";allow (write) groupdn = \"ldap:///cn=retrieve_certs,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"objectClass\")(target = \"ldap:///cn=revoke certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Revoke Certificate\";allow (write) groupdn = \"ldap:///cn=revoke_certificate,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"krbPrincipalKey || krbLastPwdChange\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Manage host keytab\";allow (write) groupdn = \"ldap:///cn=manage_host_keytab,cn=taskgroups, cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"cn || description || gidnumber || objectclass || mepManagedBy\")(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Groups\";allow (write) groupdn = \"ldap:///cn=modifygroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"member\")(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify host group membership\";allow (write) groupdn = \"ldap:///cn=modifyhostgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"objectClass\")(target = \"ldap:///cn=request certificate different host,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Request Certificates from a different host\";allow (write) groupdn = \"ldap:///cn=request_cert_different_host,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)"
],
"summary": "54 ACIs matched"
],
"summary": "53 ACIs matched"
}
}

35
install/static/test/data/delegation_find.json Normal file
View File

@ -0,0 +1,35 @@
{
"error": null,
"id": 0,
"result": {
"count": 2,
"result": [
{
"aciname": "delegme",
"attrs": [
"cn"
],
"filter": "(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)",
"group": "muppets",
"membergroup": "cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"permissions": [
"write"
]
},
{
"aciname": "m2m",
"attrs": [
"title"
],
"filter": "(memberOf=cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)",
"group": "muppets",
"membergroup": "cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"permissions": [
"write"
]
}
],
"summary": "2 delegations matched",
"truncated": false
}
}

35
install/static/test/data/delegation_list.json Normal file
View File

@ -0,0 +1,35 @@
{
"error": null,
"id": 0,
"result": {
"count": 2,
"result": [
{
"aciname": "delegme",
"attrs": [
"cn"
],
"filter": "(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)",
"group": "muppets",
"membergroup": "cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"permissions": [
"write"
]
},
{
"aciname": "m2m",
"attrs": [
"title"
],
"filter": "(memberOf=cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)",
"group": "muppets",
"membergroup": "cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"permissions": [
"write"
]
}
],
"summary": "2 delegations matched",
"truncated": false
}
}

21
install/static/test/data/delegation_mod.json Normal file
View File

@ -0,0 +1,21 @@
{
"error": null,
"id": 0,
"result": {
"result": {
"aciname": "m2m",
"attrs": [
"title"
],
"filter": "(memberOf=cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)",
"group": "muppets",
"membergroup": "cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"permissions": [
"add",
"delete"
]
},
"summary": "Modified delegation \"m2m\"",
"value": "m2m"
}
}

20
install/static/test/data/delegation_show.json Normal file
View File

@ -0,0 +1,20 @@
{
"error": null,
"id": 0,
"result": {
"result": {
"aciname": "delegme",
"attrs": [
"cn"
],
"filter": "(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)",
"group": "muppets",
"membergroup": "cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"permissions": [
"write"
]
},
"summary": null,
"value": "delegme"
}
}

758
install/static/test/data/ipa_init.json
View File

@ -52,7 +52,7 @@
"alwaysask": false,
"attribute": false,
"autofill": false,
"class": "Str",
"class": "IA5Str",
"cli_name": "key",
"cli_short_name": null,
"default": null,
@ -78,7 +78,7 @@
"alwaysask": false,
"attribute": false,
"autofill": false,
"class": "Str",
"class": "IA5Str",
"cli_name": "info",
"cli_short_name": null,
"default": null,
@ -234,7 +234,7 @@
"alwaysask": false,
"attribute": false,
"autofill": false,
"class": "Str",
"class": "IA5Str",
"cli_name": "map",
"cli_short_name": null,
"default": null,
@ -295,7 +295,7 @@
"ipahomesrootdir",
"ipadefaultloginshell",
"ipadefaultprimarygroup",
"ipadefaultdomain",
"ipadefaultemaildomain",
"ipasearchtimelimit",
"ipasearchrecordslimit",
"ipausersearchfields",
@ -347,7 +347,7 @@
"alwaysask": false,
"attribute": false,
"autofill": false,
"class": "Str",
"class": "IA5Str",
"cli_name": "homedirectory",
"cli_short_name": null,
"default": null,
@ -497,7 +497,7 @@
"alwaysask": false,
"attribute": false,
"autofill": false,
"class": "Str",
"class": "IA5Str",
"cli_name": "usersearch",
"cli_short_name": null,
"default": null,
@ -523,7 +523,7 @@
"alwaysask": false,
"attribute": false,
"autofill": false,
"class": "Str",
"class": "IA5Str",
"cli_name": "groupsearch",
"cli_short_name": null,
"default": null,
@ -586,7 +586,9 @@
"default": null,
"doc": "Base for certificate subjects (OU=Test,O=Example)",
"exclude": null,
"flags": [],
"flags": [
"no_update"
],
"hint": null,
"include": null,
"label": "Certificate Subject base",
@ -601,6 +603,103 @@
"query": false,
"required": false,
"type": "unicode"
},
{
"alwaysask": false,
"attribute": false,
"autofill": false,
"class": "List",
"cli_name": "groupobjectclasses",
"cli_short_name": null,
"default": null,
"doc": "Default group objectclassses (comma-separated list)",
"exclude": null,
"flags": [],
"hint": null,
"include": null,
"label": "Default group objectclasses",
"multivalue": true,
"name": "ipagroupobjectclasses",
"primary_key": false,
"query": false,
"required": false,
"separator": ",",
"skipspace": true,
"type": "tuple"
},
{
"alwaysask": false,
"attribute": false,
"autofill": false,
"class": "List",
"cli_name": "userobjectclasses",
"cli_short_name": null,
"default": null,
"doc": "Default user objectclassses (comma-separated list)",
"exclude": null,
"flags": [],
"hint": null,
"include": null,
"label": "Default user objectclasses",
"multivalue": true,
"name": "ipauserobjectclasses",
"primary_key": false,
"query": false,
"required": false,
"separator": ",",
"skipspace": true,
"type": "tuple"
},
{
"alwaysask": false,
"attribute": false,
"autofill": false,
"class": "Int",
"cli_name": "pwdexpnotify",
"cli_short_name": null,
"default": null,
"doc": "Password Expiration Notification (days)",
"exclude": null,
"flags": [],
"hint": null,
"include": null,
"label": "Password Expiration Notification",
"maxvalue": null,
"minvalue": 0,
"multivalue": false,
"name": "ipapwdexpadvnotify",
"primary_key": false,
"query": false,
"required": false,
"type": "int"
},
{
"alwaysask": false,
"attribute": false,
"autofill": false,
"class": "Str",
"cli_name": "ipaconfigstring",
"cli_short_name": null,
"default": null,
"doc": "Extra hashes to generate in password plugin",
"exclude": null,
"flags": [
"no_update"
],
"hint": null,
"include": null,
"label": "Password plugin features",
"length": null,
"maxlength": null,
"minlength": null,
"multivalue": false,
"name": "ipaconfigstring",
"pattern": null,
"pattern_errmsg": null,
"primary_key": false,
"query": false,
"required": false,
"type": "unicode"
}
],
"uuid_attribute": ""
@ -1614,6 +1713,151 @@
],
"uuid_attribute": ""
},
"delegation": {
"bindable": false,
"label": "Delegation",
"methods": [
"add",
"del",
"find",
"mod",
"show"
],
"name": "delegation",
"object_name": [
"delegation"
],
"object_name_plural": [
"delegation"
],
"primary_key": "aciname",
"takes_params": [
{
"alwaysask": false,
"attribute": false,
"autofill": false,
"class": "Str",
"cli_name": "name",
"cli_short_name": null,
"default": null,
"doc": "Delegation name",
"exclude": null,
"flags": [],
"hint": null,
"include": null,
"label": "Delegation name",
"length": null,
"maxlength": null,
"minlength": null,
"multivalue": false,
"name": "aciname",
"pattern": null,
"pattern_errmsg": null,
"primary_key": true,
"query": false,
"required": true,
"type": "unicode"
},
{
"alwaysask": false,
"attribute": false,
"autofill": false,
"class": "List",
"cli_name": "permissions",
"cli_short_name": null,
"default": null,
"doc": "Comma-separated list of permissions to grant (read, write). Default is write.",
"exclude": null,
"flags": [],
"hint": null,
"include": null,
"label": "Permissions",
"multivalue": true,
"name": "permissions",
"primary_key": false,
"query": false,
"required": false,
"separator": ",",
"skipspace": true,
"type": "tuple"
},
{
"alwaysask": false,
"attribute": false,
"autofill": false,
"class": "List",
"cli_name": "attrs",
"cli_short_name": null,
"default": null,
"doc": "Comma-separated list of attributes",
"exclude": null,
"flags": [],
"hint": null,
"include": null,
"label": "Attributes",
"multivalue": true,
"name": "attrs",
"primary_key": false,
"query": false,
"required": true,
"separator": ",",
"skipspace": true,
"type": "tuple"
},
{
"alwaysask": false,
"attribute": false,
"autofill": false,
"class": "Str",
"cli_name": "membergroup",
"cli_short_name": null,
"default": null,
"doc": "User group to apply delegation to",
"exclude": null,
"flags": [],
"hint": null,
"include": null,
"label": "Member user group",
"length": null,
"maxlength": null,
"minlength": null,
"multivalue": false,
"name": "memberof",
"pattern": null,
"pattern_errmsg": null,
"primary_key": false,
"query": false,
"required": true,
"type": "unicode"
},
{
"alwaysask": false,
"attribute": false,
"autofill": false,
"class": "Str",
"cli_name": "group",
"cli_short_name": null,
"default": null,
"doc": "User group ACI grants access to",
"exclude": null,
"flags": [],
"hint": null,
"include": null,
"label": "User group",
"length": null,
"maxlength": null,
"minlength": null,
"multivalue": false,
"name": "group",
"pattern": null,
"pattern_errmsg": null,
"primary_key": false,
"query": false,
"required": true,
"type": "unicode"
}
]
},
"dns": {
"default_attributes": [
"idnsname",
@ -4887,7 +5131,7 @@
"objectclass",
"aci"
],
"label": "Role Groups",
"label": "Role",
"methods": [
"add",
"add_member",
@ -4966,6 +5210,99 @@
],
"uuid_attribute": ""
},
"selfservice": {
"bindable": false,
"label": "Self Service Permissions",
"methods": [
"add",
"del",
"find",
"mod",
"show"
],
"name": "selfservice",
"object_name": [
"selfservice"
],
"object_name_plural": [
"selfservice"
],
"primary_key": "aciname",
"takes_params": [
{
"alwaysask": false,
"attribute": false,
"autofill": false,
"class": "Str",
"cli_name": "name",
"cli_short_name": null,
"default": null,
"doc": "Self-Service name",
"exclude": null,
"flags": [],
"hint": null,
"include": null,
"label": "Self-Service name",
"length": null,
"maxlength": null,
"minlength": null,
"multivalue": false,
"name": "aciname",
"pattern": null,
"pattern_errmsg": null,
"primary_key": true,
"query": false,
"required": true,
"type": "unicode"
},
{
"alwaysask": false,
"attribute": false,
"autofill": false,
"class": "List",
"cli_name": "permissions",
"cli_short_name": null,
"default": null,
"doc": "Comma-separated list of permissions to grant (read, write). Default is write.",
"exclude": null,
"flags": [],
"hint": null,
"include": null,
"label": "Permissions",
"multivalue": true,
"name": "permissions",
"primary_key": false,
"query": false,
"required": false,
"separator": ",",
"skipspace": true,
"type": "tuple"
},
{
"alwaysask": false,
"attribute": false,
"autofill": false,
"class": "List",
"cli_name": "attrs",
"cli_short_name": null,
"default": null,
"doc": "Comma-separated list of attributes",
"exclude": null,
"flags": [],
"hint": null,
"include": null,
"label": "Attributes",
"multivalue": true,
"name": "attrs",
"primary_key": false,
"query": false,
"required": true,
"separator": ",",
"skipspace": true,
"type": "tuple"
}
]
},
"service": {
"aciattrs": [
"ipaUniqueID",
@ -5388,6 +5725,12 @@
"memberUser"
],
"attribute_members": {
"ipasudorunas": [
"user"
],
"ipasudorunasgroup": [
"group"
],
"memberallowcmd": [
"sudocmd",
"sudocmdgroup"
@ -5409,7 +5752,15 @@
"container_dn": "cn=sudorules",
"default_attributes": [
"cn",
"description"
"ipaenabledflag",
"description",
"usercategory",
"hostcategory",
"cmdcategory",
"memberuser",
"memberhost",
"memberallowcmd",
"memberdenycmd"
],
"hidden_attributes": [
"objectclass",
@ -5421,13 +5772,19 @@
"add_allow_command",
"add_deny_command",
"add_host",
"add_runasgroup",
"add_runasuser",
"add_user",
"del",
"disable",
"enable",
"find",
"mod",
"remove_allow_command",
"remove_deny_command",
"remove_host",
"remove_runasgroup",
"remove_runasuser",
"remove_user",
"show"
],
@ -5495,6 +5852,89 @@
"required": false,
"type": "unicode"
},
{
"alwaysask": false,
"attribute": false,
"autofill": true,
"class": "Flag",
"cli_name": "ipaenabledflag",
"cli_short_name": null,
"default": false,
"doc": "Enabled",
"exclude": null,
"falsehoods": [
0,
"0",
"false"
],
"flags": [
"no_update",
"no_create",
"no_search"
],
"hint": null,
"include": null,
"label": "Enabled",
"multivalue": false,
"name": "ipaenabledflag",
"primary_key": false,
"query": false,
"required": false,
"truths": [
"1",
1,
"true"
],
"type": "bool"
},
{
"alwaysask": false,
"attribute": false,
"autofill": false,
"class": "StrEnum",
"cli_name": "usercat",
"cli_short_name": null,
"default": null,
"doc": "User category the rule applies to",
"exclude": null,
"flags": [],
"hint": null,
"include": null,
"label": "User category",
"multivalue": false,
"name": "usercategory",
"primary_key": false,
"query": false,
"required": false,
"type": "unicode",
"values": [
"all"
]
},
{
"alwaysask": false,
"attribute": false,
"autofill": false,
"class": "StrEnum",
"cli_name": "hostcat",
"cli_short_name": null,
"default": null,
"doc": "Host category the rule applies to",
"exclude": null,
"flags": [],
"hint": null,
"include": null,
"label": "Host category",
"multivalue": false,
"name": "hostcategory",
"primary_key": false,
"query": false,
"required": false,
"type": "unicode",
"values": [
"all"
]
},
{
"alwaysask": false,
"attribute": false,
@ -5519,6 +5959,54 @@
"all"
]
},
{
"alwaysask": false,
"attribute": false,
"autofill": false,
"class": "StrEnum",
"cli_name": "runasusercat",
"cli_short_name": null,
"default": null,
"doc": "Run As User category the rule applies to",
"exclude": null,
"flags": [],
"hint": null,
"include": null,
"label": "Run As User category",
"multivalue": false,
"name": "ipasudorunasusercategory",
"primary_key": false,
"query": false,
"required": false,
"type": "unicode",
"values": [
"all"
]
},
{
"alwaysask": false,
"attribute": false,
"autofill": false,
"class": "StrEnum",
"cli_name": "runasgroupcat",
"cli_short_name": null,
"default": null,
"doc": "Run As Group category the rule applies to",
"exclude": null,
"flags": [],
"hint": null,
"include": null,
"label": "Run As Group category",
"multivalue": false,
"name": "ipasudorunasgroupcategory",
"primary_key": false,
"query": false,
"required": false,
"type": "unicode",
"values": [
"all"
]
},
{
"alwaysask": false,
"attribute": false,
@ -5728,6 +6216,66 @@
"query": false,
"required": false,
"type": "unicode"
},
{
"alwaysask": false,
"attribute": false,
"autofill": false,
"class": "Str",
"cli_name": "ipasudorunas_user",
"cli_short_name": null,
"default": null,
"doc": "Run As User",
"exclude": null,
"flags": [
"no_update",
"no_create",
"no_search"
],
"hint": null,
"include": null,
"label": "Run As User",
"length": null,
"maxlength": null,
"minlength": null,
"multivalue": false,
"name": "ipasudorunas_user",
"pattern": null,
"pattern_errmsg": null,
"primary_key": false,
"query": false,
"required": false,
"type": "unicode"
},
{
"alwaysask": false,
"attribute": false,
"autofill": false,
"class": "Str",
"cli_name": "ipasudorunasgroup_group",
"cli_short_name": null,
"default": null,
"doc": "Run As Group",
"exclude": null,
"flags": [
"no_update",
"no_create",
"no_search"
],
"hint": null,
"include": null,
"label": "Run As Group",
"length": null,
"maxlength": null,
"minlength": null,
"multivalue": false,
"name": "ipasudorunasgroup_group",
"pattern": null,
"pattern_errmsg": null,
"primary_key": false,
"query": false,
"required": false,
"type": "unicode"
}
],
"uuid_attribute": "ipauniqueid"
@ -5742,25 +6290,68 @@
"gidNumber",
"uidNumber",
"homeDirectory",
"radiusRealm",
"radiusSimultaneousUse",
"radiusProxyToRealm",
"radiusReplicateToRealm",
"radiusStripUserName",
"dialupAccess",
"radiusLoginTime",
"radiusUserCategory",
"radiusExpiration",
"radiusCheckItem",
"manager",
"userCertificate",
"homePostalAddress",
"krbLoginFailedCount",
"krbLastSuccessfulAuth",
"title",
"userSMIMECertificate",
"krbPrincipalExpiration",
"roomNumber",
"photo",
"description",
"krbPrincipalName",
"mail",
"krbLastPwdChange",
"krbLoginFailedCount",
"userSMIMECertificate",
"radiusNASIpAddress",
"radiusReplyItem",
"employeeType",
"krbPwdHistory",
"carLicense",
"departmentNumber",
"employeeNumber",
"inetUserHttpURL",
"memberOf",
"displayName",
"st",
"street",
"l",
"krbMaxRenewableAge",
"jpegPhoto",
"audio",
"pager",
"secretary",
"preferredLanguage",
"krbExtraData",
"krbCanonicalName",
"o",
"ou",
"seeAlso",
"userPassword",
"businessCategory",
"postalAddress",
"postalCode",
"postOfficeBox",
"physicalDeliveryOfficeName",
"mobile",
"krbPwdPolicyReference",
"labeledURI",
"homePhone",
"krbPasswordExpiration",
"inetUserStatus",
"krbLastPwdChange",
"krbMaxTicketLife",
"krbUPEnabled",
"loginShell",
"x500UniqueIdentifier",
"krbLastFailedAuth",
"gecos",
"krbPrincipalKey",
"krbTicketFlags",
"krbPrincipalType",
"userPKCS12",
"initials",
"krbTicketPolicyReference",
"givenName",
"preferredDeliveryMethod",
"krbPrincipalAliases",
"telexNumber",
"telephoneNumber",
@ -5769,112 +6360,7 @@
"internationalISDNNumber",
"x121Address",
"destinationIndicator",
"registeredAddress",
"radiusTunnelType",
"krbPrincipalKey",
"radiusTunnelClientEndpoint",
"radiusVSA",
"krbPrincipalName",
"displayName",
"preferredDeliveryMethod",
"audio",
"preferredLanguage",
"krbExtraData",
"krbCanonicalName",
"radiusLoginIPHost",
"krbTicketFlags",
"krbPwdHistory",
"pager",
"mobile",
"memberOf",
"krbUPEnabled",
"krbPrincipalType",
"krbTicketPolicyReference",
"x500UniqueIdentifier",
"krbMaxTicketLife",
"givenName",
"homePostalAddress",
"radiusReplyMessage",
"krbPrincipalExpiration",
"userPKCS12",
"radiusFramedProtocol",
"radiusFramedRoute",
"radiusFramedIPXNetwork",
"radiusFramedMTU",
"radiusFramedIPAddress",
"radiusFramedIPNetmask",
"radiusFramedAppleTalkZone",
"radiusFramedCompression",
"radiusFramedAppleTalkLink",
"radiusFramedAppleTalkNetwork",
"st",
"street",
"l",
"inetUserHttpURL",
"inetUserStatus",
"o",
"ou",
"title",
"description",
"businessCategory",
"postalAddress",
"postalCode",
"postOfficeBox",
"physicalDeliveryOfficeName",
"krbPwdPolicyReference",
"secretary",
"homePhone",
"radiusLoginLATGroup",
"krbLastFailedAuth",
"radiusIdleTimeout",
"radiusFramedRouting",
"radiusLoginService",
"radiusLoginLATService",
"radiusLoginLATPort",
"radiusLoginLATNode",
"radiusPasswordRetry",
"radiusLoginTCPPort",
"radiusPortLimit",
"manager",
"radiusTerminationAction",
"radiusTunnelAssignmentId",
"radiusTunnelMediumType",
"radiusTunnelPassword",
"labeledURI",
"radiusPrompt",
"radiusServiceType",
"radiusSessionTimeout",
"employeeType",
"radiusTunnelPreference",
"carLicense",
"departmentNumber",
"employeeNumber",
"radiusTunnelPrivateGroupId",
"userCertificate",
"radiusTunnelServerEndpoint",
"seeAlso",
"userPassword",
"radiusClientIPAddress",
"radiusAuthType",
"radiusHint",
"radiusGroupName",
"radiusProfileDn",
"radiusHuntgroupName",
"krbMaxRenewableAge",
"krbPasswordExpiration",
"krbLastSuccessfulAuth",
"loginShell",
"gecos",
"radiusCallbackId",
"radiusCallbackNumber",
"radiusCalledStationId",
"radiusCallingStationId",
"radiusArapFeatures",
"radiusArapSecurity",
"radiusArapZoneAccess",
"initials",
"radiusClass",
"radiusFilterId"
"registeredAddress"
],
"attribute_members": {
"memberof": [
@ -6683,19 +7169,19 @@
"Administrator"
],
"gidnumber": [
"2120898932"
"66000000"
],
"homedirectory": [
"/home/admin"
],
"ipauniqueid": [
"cc2d5b64-fe52-11df-a795-525400674dcd"
"c9e61ada-0703-11e0-addd-525400674dcd"
],
"krblastpwdchange": [
"20101202203134Z"
"20101213215751Z"
],
"krbpasswordexpiration": [
"20110302203134Z"
"20110313215751Z"
],
"krbprincipalname": [
"admin@AYOUNG.BOSTON.DEVEL.REDHAT.COM"
@ -6729,7 +7215,7 @@
"admin"
],
"uidnumber": [
"2120898932"
"66000000"
]
}
],

26
install/static/test/data/permission_add.json Normal file
View File

@ -0,0 +1,26 @@
{
"error": null,
"id": 0,
"result": {
"result": {
"cn": [
"testperm"
],
"description": [
"description"
],
"dn": "cn=testperm,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"objectclass": [
"groupofnames",
"top"
],
"permissions": [
"read",
"write"
],
"targetgroup": "ipausers"
},
"summary": "Added permission \"testperm\"",
"value": "testperm"
}
}

9
install/static/test/data/permission_del Normal file
View File

@ -0,0 +1,9 @@
{
"error": null,
"id": 0,
"result": {
"result": true,
"summary": "Deleted permission \"testperm\"",
"value": "testperm"
}
}

887
install/static/test/data/permission_find.json Normal file
View File

@ -0,0 +1,887 @@
{
"error": null,
"id": 0,
"result": {
"count": 47,
"result": [
{
"cn": [
"addusers"
],
"description": [
"Add Users"
],
"dn": "cn=addusers,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"useradmin"
],
"permissions": [
"add"
],
"type": "user"
},
{
"attrs": [
"userPassword",
"krbPrincipalKey",
"sambaLMPassword",
"sambaNTPassword",
"passwordHistory"
],
"cn": [
"change_password"
],
"description": [
"Change a user password"
],
"dn": "cn=change_password,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"useradmin"
],
"permissions": [
"write"
]
},
{
"attrs": [
"member"
],
"cn": [
"add_user_to_default_group"
],
"description": [
"Add user to default group"
],
"dn": "cn=add_user_to_default_group,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"useradmin"
],
"permissions": [
"write"
],
"targetgroup": "ldap:///cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
},
{
"cn": [
"removeusers"
],
"description": [
"Remove Users"
],
"dn": "cn=removeusers,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"useradmin"
],
"permissions": [
"delete"
],
"type": "user"
},
{
"attrs": [
"givenName",
"sn",
"cn",
"displayName",
"title",
"initials",
"loginShell",
"gecos",
"homePhone",
"mobile",
"pager",
"facsimileTelephoneNumber",
"telephoneNumber",
"street",
"roomNumber",
"l",
"st",
"postalCode",
"manager",
"secretary",
"description",
"carLicense",
"labeledURI",
"inetUserHTTPURL",
"seeAlso",
"employeeType",
"businessCategory",
"ou",
"mepManagedEntry",
"objectclass"
],
"cn": [
"modifyusers"
],
"description": [
"Modify Users"
],
"dn": "cn=modifyusers,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"useradmin"
],
"permissions": [
"write"
],
"type": "user"
},
{
"cn": [
"addgroups"
],
"description": [
"Add Groups"
],
"dn": "cn=addgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"groupadmin"
],
"permissions": [
"add"
],
"type": "group"
},
{
"cn": [
"removegroups"
],
"description": [
"Remove Groups"
],
"dn": "cn=removegroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"groupadmin"
],
"permissions": [
"delete"
],
"type": "group"
},
{
"attrs": [
"cn",
"description",
"gidnumber",
"objectclass",
"mepManagedBy",
"ipaUniqueId"
],
"cn": [
"modifygroups"
],
"description": [
"Modify Groups"
],
"dn": "cn=modifygroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"groupadmin"
],
"permissions": [
"write"
],
"type": "group"
},
{
"attrs": [
"member"
],
"cn": [
"modifygroupmembership"
],
"description": [
"Modify Group membership"
],
"dn": "cn=modifygroupmembership,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"groupadmin"
],
"permissions": [
"write"
],
"type": "group"
},
{
"cn": [
"addhosts"
],
"description": [
"Add Hosts"
],
"dn": "cn=addhosts,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"hostadmin"
],
"permissions": [
"add"
],
"type": "host"
},
{
"cn": [
"removehosts"
],
"description": [
"Remove Hosts"
],
"dn": "cn=removehosts,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"hostadmin"
],
"permissions": [
"delete"
],
"type": "host"
},
{
"attrs": [
"description",
"l",
"nshostlocation",
"nshardwareplatform",
"nsosversion"
],
"cn": [
"modifyhosts"
],
"description": [
"Modify Hosts"
],
"dn": "cn=modifyhosts,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"hostadmin"
],
"permissions": [
"write"
],
"type": "host"
},
{
"cn": [
"addhostgroups"
],
"description": [
"Add Hostgroups"
],
"dn": "cn=addhostgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"hostgroupadmin"
],
"permissions": [
"add"
],
"type": "hostgroup"
},
{
"cn": [
"removehostgroups"
],
"description": [
"Remove Hostgroups"
],
"dn": "cn=removehostgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"hostgroupadmin"
],
"permissions": [
"delete"
],
"type": "hostgroup"
},
{
"attrs": [
"cn",
"description"
],
"cn": [
"modifyhostgroups"
],
"description": [
"Modify Hostgroups"
],
"dn": "cn=modifyhostgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"hostgroupadmin"
],
"permissions": [
"write"
],
"type": "hostgroup"
},
{
"attrs": [
"member"
],
"cn": [
"modifyhostgroupmembership"
],
"description": [
"Modify Hostgroup membership"
],
"dn": "cn=modifyhostgroupmembership,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"hostgroupadmin"
],
"permissions": [
"write"
],
"type": "hostgroup"
},
{
"cn": [
"addservices"
],
"description": [
"Add Services"
],
"dn": "cn=addservices,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"serviceadmin"
],
"permissions": [
"add"
],
"type": "service"
},
{
"cn": [
"removeservices"
],
"description": [
"Remove Services"
],
"dn": "cn=removeservices,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"serviceadmin"
],
"permissions": [
"delete"
],
"type": "service"
},
{
"attrs": [
"userCertificate"
],
"cn": [
"modifyservices"
],
"description": [
"Modify Services"
],
"dn": "cn=modifyservices,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"serviceadmin"
],
"permissions": [
"write"
],
"type": "service"
},
{
"cn": [
"addroles"
],
"description": [
"Add Roles"
],
"dn": "cn=addroles,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"delegationadmin"
],
"permissions": [
"add"
],
"subtree": "ldap:///cn=*,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
},
{
"cn": [
"removeroles"
],
"description": [
"Remove Roles"
],
"dn": "cn=removeroles,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"delegationadmin"
],
"permissions": [
"delete"
],
"subtree": "ldap:///cn=*,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
},
{
"attrs": [
"cn",
"description"
],
"cn": [
"modifyroles"
],
"description": [
"Modify Roles"
],
"dn": "cn=modifyroles,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"delegationadmin"
],
"permissions": [
"write"
],
"subtree": "ldap:///cn=*,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
},
{
"attrs": [
"member"
],
"cn": [
"modifyrolemembership"
],
"description": [
"Modify Role Group membership"
],
"dn": "cn=modifyrolemembership,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"delegationadmin"
],
"permissions": [
"write"
],
"subtree": "ldap:///cn=*,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
},
{
"attrs": [
"member"
],
"cn": [
"modifyprivilegemembership"
],
"description": [
"Modify privilege membership"
],
"dn": "cn=modifyprivilegemembership,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"delegationadmin"
],
"permissions": [
"write"
],
"subtree": "ldap:///cn=*,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
},
{
"cn": [
"addautomountmaps"
],
"description": [
"Add Automount maps"
],
"dn": "cn=addautomountmaps,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"automountadmin"
],
"permissions": [
"add"
],
"subtree": "ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
},
{
"cn": [
"removeautomountmaps"
],
"description": [
"Remove Automount maps"
],
"dn": "cn=removeautomountmaps,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"automountadmin"
],
"permissions": [
"delete"
],
"subtree": "ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
},
{
"cn": [
"addautomountkeys"
],
"description": [
"Add Automount keys"
],
"dn": "cn=addautomountkeys,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"automountadmin"
],
"permissions": [
"add"
],
"subtree": "ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
},
{
"cn": [
"removeautomountkeys"
],
"description": [
"Remove Automount keys"
],
"dn": "cn=removeautomountkeys,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"automountadmin"
],
"permissions": [
"delete"
],
"subtree": "ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
},
{
"cn": [
"addnetgroups"
],
"description": [
"Add netgroups"
],
"dn": "cn=addnetgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"netgroupadmin"
],
"permissions": [
"add"
],
"type": "netgroup"
},
{
"cn": [
"removenetgroups"
],
"description": [
"Remove netgroups"
],
"dn": "cn=removenetgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"netgroupadmin"
],
"permissions": [
"delete"
],
"type": "netgroup"
},
{
"attrs": [
"description"
],
"cn": [
"modifynetgroups"
],
"description": [
"Modify netgroups"
],
"dn": "cn=modifynetgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"netgroupadmin"
],
"permissions": [
"write"
],
"type": "netgroup"
},
{
"attrs": [
"memberhost",
"externalhost",
"memberuser",
"member"
],
"cn": [
"modifynetgroupmembership"
],
"description": [
"Modify netgroup membership"
],
"dn": "cn=modifynetgroupmembership,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"netgroupadmin"
],
"permissions": [
"write"
],
"type": "netgroup"
},
{
"attrs": [
"krbPrincipalKey",
"krbLastPwdChange"
],
"cn": [
"manage_host_keytab"
],
"description": [
"Manage host keytab"
],
"dn": "cn=manage_host_keytab,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"hostadmin",
"enrollhost"
],
"permissions": [
"write"
],
"type": "host"
},
{
"attrs": [
"krbPrincipalKey",
"krbLastPwdChange"
],
"cn": [
"manage_service_keytab"
],
"description": [
"Manage service keytab"
],
"dn": "cn=manage_service_keytab,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"serviceadmin",
"admins"
],
"permissions": [
"write"
],
"type": "service"
},
{
"attrs": [
"enrolledBy",
"objectClass"
],
"cn": [
"enroll_host"
],
"description": [
"Enroll a host"
],
"dn": "cn=enroll_host,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"hostadmin",
"enrollhost"
],
"permissions": [
"write"
],
"type": "host"
},
{
"cn": [
"managereplica"
],
"description": [
"Manage Replication Agreements"
],
"dn": "cn=managereplica,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"replicaadmin"
],
"memberindirect": [
"uid=admin,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
]
},
{
"cn": [
"deletereplica"
],
"description": [
"Delete Replication Agreements"
],
"dn": "cn=deletereplica,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"replicaadmin"
],
"memberindirect": [
"uid=admin,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
]
},
{
"cn": [
"addentitlements"
],
"description": [
"Add Entitlements"
],
"dn": "cn=addentitlements,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"entitlementadmin"
],
"permissions": [
"add"
],
"subtree": "ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
},
{
"cn": [
"removeentitlements"
],
"description": [
"Remove Entitlements"
],
"dn": "cn=removeentitlements,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"entitlementadmin"
],
"permissions": [
"delete"
],
"subtree": "ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
},
{
"attrs": [
"userCertificate"
],
"cn": [
"modifyentitlements"
],
"description": [
"Modify Entitlements"
],
"dn": "cn=modifyentitlements,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"entitlementadmin"
],
"permissions": [
"write"
],
"subtree": "ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
},
{
"attrs": [
"objectClass"
],
"cn": [
"retrieve_certs"
],
"description": [
"Retrieve Certificates from the CA"
],
"dn": "cn=retrieve_certs,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"certadmin"
],
"permissions": [
"write"
],
"subtree": "ldap:///cn=retrieve certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
},
{
"attrs": [
"objectClass"
],
"cn": [
"request_certs"
],
"description": [
"Request Certificates from the CA"
],
"dn": "cn=request_certs,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"certadmin"
],
"permissions": [
"write"
],
"subtree": "ldap:///cn=request certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
},
{
"attrs": [
"objectClass"
],
"cn": [
"request_cert_different_host"
],
"description": [
"Request Certificates from a different host"
],
"dn": "cn=request_cert_different_host,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"certadmin"
],
"permissions": [
"write"
],
"subtree": "ldap:///cn=request certificate different host,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
},
{
"attrs": [
"objectClass"
],
"cn": [
"certificate_status"
],
"description": [
"Get Certificates status from the CA"
],
"dn": "cn=certificate_status,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"certadmin"
],
"permissions": [
"write"
],
"subtree": "ldap:///cn=certificate status,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
},
{
"attrs": [
"objectClass"
],
"cn": [
"revoke_certificate"
],
"description": [
"Revoke Certificate"
],
"dn": "cn=revoke_certificate,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"certadmin"
],
"permissions": [
"write"
],
"subtree": "ldap:///cn=revoke certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
},
{
"attrs": [
"objectClass"
],
"cn": [
"certificate_remove_hold"
],
"description": [
"Certificate Remove Hold"
],
"dn": "cn=certificate_remove_hold,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"certadmin"
],
"permissions": [
"write"
],
"subtree": "ldap:///cn=certificate remove hold,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
},
{
"cn": [
"update_dns"
],
"description": [
"DNS Servers Updates"
],
"dn": "cn=update_dns,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member_privilege": [
"dnsadmin",
"dnsserver"
],
"memberindirect": [
"krbprincipalname=dns/ipa.ayoung.boston.devel.redhat.com@ayoung.boston.devel.redhat.com,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
]
}
],
"summary": "47 permissions matched",
"truncated": false
}
}

41
install/static/test/data/permission_show.json Normal file
View File

@ -0,0 +1,41 @@
{
"error": null,
"id": 6,
"result": {
"result": {
"attributelevelrights": {
"aci": "rscwo",
"businesscategory": "rscwo",
"cn": "rscwo",
"description": "rscwo",
"member": "rscwo",
"nsaccountlock": "rscwo",
"o": "rscwo",
"objectclass": "rscwo",
"ou": "rscwo",
"owner": "rscwo",
"seealso": "rscwo"
},
"cn": [
"addusers"
],
"description": [
"Add Users"
],
"dn": "cn=addusers,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"member": [
"cn=useradmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
],
"objectclass": [
"top",
"groupofnames"
],
"permissions": [
"add"
],
"type": "user"
},
"summary": null,
"value": "addusers"
}
}

215
install/static/test/data/privilege_find.json Normal file
View File

@ -0,0 +1,215 @@
{
"error": null,
"id": 0,
"result": {
"count": 14,
"result": [
{
"cn": [
"useradmin"
],
"description": [
"User Administrators"
],
"dn": "cn=useradmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"memberof_permission": [
"addusers",
"change_password",
"add_user_to_default_group",
"removeusers",
"modifyusers"
]
},
{
"cn": [
"groupadmin"
],
"description": [
"Group Administrators"
],
"dn": "cn=groupadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"memberof_permission": [
"addgroups",
"removegroups",
"modifygroups",
"modifygroupmembership"
]
},
{
"cn": [
"hostadmin"
],
"description": [
"Host Administrators"
],
"dn": "cn=hostadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"memberof_permission": [
"addhosts",
"removehosts",
"modifyhosts",
"manage_host_keytab",
"enroll_host"
]
},
{
"cn": [
"hostgroupadmin"
],
"description": [
"Host Group Administrators"
],
"dn": "cn=hostgroupadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"memberof_permission": [
"addhostgroups",
"removehostgroups",
"modifyhostgroups",
"modifyhostgroupmembership"
]
},
{
"cn": [
"delegationadmin"
],
"description": [
"Role administration"
],
"dn": "cn=delegationadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"memberof_permission": [
"addroles",
"removeroles",
"modifyroles",
"modifyrolemembership",
"modifyprivilegemembership"
]
},
{
"cn": [
"serviceadmin"
],
"description": [
"Service Administrators"
],
"dn": "cn=serviceadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"memberof_permission": [
"addservices",
"removeservices",
"modifyservices",
"manage_service_keytab"
]
},
{
"cn": [
"automountadmin"
],
"description": [
"Automount Administrators"
],
"dn": "cn=automountadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"memberof_permission": [
"addautomountmaps",
"removeautomountmaps",
"addautomountkeys",
"removeautomountkeys"
]
},
{
"cn": [
"netgroupadmin"
],
"description": [
"Netgroups Administrators"
],
"dn": "cn=netgroupadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"memberof_permission": [
"addnetgroups",
"removenetgroups",
"modifynetgroups",
"modifynetgroupmembership"
]
},
{
"cn": [
"certadmin"
],
"description": [
"Certificate Administrators"
],
"dn": "cn=certadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"memberof_permission": [
"retrieve_certs",
"request_certs",
"request_cert_different_host",
"certificate_status",
"revoke_certificate",
"certificate_remove_hold"
]
},
{
"cn": [
"replicaadmin"
],
"description": [
"Replication Administrators"
],
"dn": "cn=replicaadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"memberindirect": [
"uid=admin,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
],
"memberof_permission": [
"managereplica",
"deletereplica"
]
},
{
"cn": [
"enrollhost"
],
"description": [
"Host Enrollment"
],
"dn": "cn=enrollhost,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"memberof_permission": [
"manage_host_keytab",
"enroll_host"
]
},
{
"cn": [
"entitlementadmin"
],
"description": [
"Entitlement Administrators"
],
"dn": "cn=entitlementadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"memberof_permission": [
"addentitlements",
"removeentitlements",
"modifyentitlements"
]
},
{
"cn": [
"dnsadmin"
],
"description": [
"DNS Administrators"
],
"dn": "cn=dnsadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
},
{
"cn": [
"dnsserver"
],
"description": [
"DNS Servers"
],
"dn": "cn=dnsserver,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"memberindirect": [
"krbprincipalname=dns/ipa.ayoung.boston.devel.redhat.com@ayoung.boston.devel.redhat.com,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
]
}
],
"summary": "14 privileges matched",
"truncated": false
}
}

39
install/static/test/data/privilege_show.json Normal file
View File

@ -0,0 +1,39 @@
{
"error": null,
"id": 0,
"result": {
"result": {
"attributelevelrights": {
"aci": "rscwo",
"businesscategory": "rscwo",
"cn": "rscwo",
"description": "rscwo",
"member": "rscwo",
"memberof": "rsc",
"nsaccountlock": "rscwo",
"o": "rscwo",
"objectclass": "rscwo",
"ou": "rscwo",
"owner": "rscwo",
"seealso": "rscwo"
},
"cn": [
"dnsserver"
],
"description": [
"DNS Servers"
],
"dn": "cn=dnsserver,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"memberindirect": [
"krbprincipalname=dns/ipa.ayoung.boston.devel.redhat.com@ayoung.boston.devel.redhat.com,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
],
"objectclass": [
"top",
"groupofnames",
"nestedgroup"
]
},
"summary": null,
"value": "dnsserver"
}
}

20
install/static/test/data/role_find.json Normal file
View File

@ -0,0 +1,20 @@
{
"error": null,
"id": 0,
"result": {
"count": 1,
"result": [
{
"cn": [
"helpdesk"
],
"description": [
"Helpdesk"
],
"dn": "cn=helpdesk,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
}
],
"summary": "1 role matched",
"truncated": false
}
}

36
install/static/test/data/role_show.json Normal file
View File

@ -0,0 +1,36 @@
{
"error": null,
"id": 0,
"result": {
"result": {
"attributelevelrights": {
"aci": "rscwo",
"businesscategory": "rscwo",
"cn": "rscwo",
"description": "rscwo",
"member": "rscwo",
"memberof": "rsc",
"nsaccountlock": "rscwo",
"o": "rscwo",
"objectclass": "rscwo",
"ou": "rscwo",
"owner": "rscwo",
"seealso": "rscwo"
},
"cn": [
"helpdesk"
],
"description": [
"Helpdesk"
],
"dn": "cn=helpdesk,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
"objectclass": [
"top",
"groupofnames",
"nestedgroup"
]
},
"summary": null,
"value": "helpdesk"
}
}

24
install/static/test/data/selfservice_find.json Normal file
View File

@ -0,0 +1,24 @@
{
"error": null,
"id": 0,
"result": {
"count": 1,
"result": [
{
"aciname": "Self can write own password",
"attrs": [
"userPassword",
"krbPrincipalKey",
"sambaLMPassword",
"sambaNTPassword"
],
"permissions": [
"write"
],
"selfaci": true
}
],
"summary": "1 selfservice matched",
"truncated": false
}
}

21
install/static/test/data/selfservice_show.json Normal file
View File

@ -0,0 +1,21 @@
{
"error": null,
"id": 0,
"result": {
"result": {
"aciname": "Self can write own password",
"attrs": [
"userPassword",
"krbPrincipalKey",
"sambaLMPassword",
"sambaNTPassword"
],
"permissions": [
"write"
],
"selfaci": true
},
"summary": null,
"value": "Self can write own password"
}
}

2
install/static/test/details_tests.js
View File

@ -19,6 +19,8 @@
*/
module('details');
test("Testing ipa_details_section.create().", function() {
IPA.ajax_options.async = false;

2
install/static/test/entity_tests.js
View File

@ -18,6 +18,8 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
module('entity');
test('Testing ipa_entity_set_search_definition().', function() {
var uid_callback = function() {

1
install/static/test/index.html
View File

@ -30,6 +30,7 @@
<li><a href="association_tests.html">Association Test Suite</a>
<li><a href="navigation_tests.html">Navigation Test Suite</a>
<li><a href="certificate_tests.html">Certificate Test Suite</a>
<li><a href="aci_tests.html">Access Control Interface Test Suite</a>
</ul>
</div>

2
install/static/test/ipa_tests.js
View File

@ -18,6 +18,8 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
module('ipa');
test("Testing ipa_init().", function() {
expect(1);

2
install/static/test/navigation_tests.js
View File

@ -19,7 +19,7 @@
*/
module('navigation');
test("Testing nav_create().", function() {

6
install/static/webui.js
View File

@ -47,6 +47,12 @@ var admin_tab_set = [
{name:'krbtpolicy', entity:'krbtpolicy'}
]},
{name:'ipaserver', children: [
{name:'role',entity:'role' ,children:[
{name:'privilege',entity:'privilege' },
{name:'permission', entity:'permission'}
]},
{name:'selfservice' ,entity:'selfservice'},
{name:'delegation' ,entity:'delegation'},
{name:'config', entity:'config'}
]}
];

6
install/static/widget.js
View File

@ -686,7 +686,11 @@ function ipa_table_widget(spec) {
var name = that.columns[i].name;
var values = result[name];
if (!values) continue;
record[name] = values[index];
if (values instanceof Array){
record[name] = values[index];
}else{
record[name] = values;
}
}
return record;
};

2
ipalib/plugins/delegation.py
View File

@ -138,6 +138,8 @@ class delegation(Object):
json_dict = dict(
(a, getattr(self, a)) for a in json_friendly_attributes
)
json_dict['primary_key'] = self.primary_key.name
json_dict['methods'] = [m for m in self.methods]
return json_dict

3
ipalib/plugins/selfservice.py
View File

@ -70,7 +70,7 @@ class selfservice(Object):
bindable = False
object_name = 'selfservice',
object_name_plural = 'selfservice',
label = _('Permissions')
label = _('Self Service Permissions')
takes_params = (
Str('aciname',
@ -101,6 +101,7 @@ class selfservice(Object):
json_dict = dict(
(a, getattr(self, a)) for a in json_friendly_attributes
)
json_dict['primary_key'] = self.primary_key.name
json_dict['methods'] = [m for m in self.methods]
return json_dict