Adds methods to manipulate groups by dns.

Renamed some of the user_group parameters to be self-evident.
Binary wrapping isn't necessary on strings, so removed from xmlrpc calls.
Kevin McCarthy 2007-09-26 15:47:34 -07:00
parent f8eda3da3e
commit 1725397a53
5 changed files with 215 additions and 85 deletions


@ -205,41 +205,65 @@ class IPAClient:
return groups
def add_user_to_group(self, user, group):
def add_member_to_group(self, member_dn, group_cn):
"""Add a member to an existing group.
"""
return self.transport.add_member_to_group(member_dn, group_cn)
def add_members_to_group(self, member_dns, group_cn):
"""Add several members to an existing group.
member_dns is a list of dns to add
Returns a list of the dns that were not added.
"""
return self.transport.add_members_to_group(member_dns, group_cn)
def remove_member_from_group(self, member_dn, group_cn):
"""Remove a member from an existing group.
"""
return self.transport.remove_member_from_group(member_dn, group_cn)
def remove_members_from_group(self, member_dns, group_cn):
"""Remove several members from an existing group.
member_dns is a list of dns to remove
Returns a list of the dns that were not removed.
"""
return self.transport.remove_members_from_group(member_dns, group_cn)
def add_user_to_group(self, user_uid, group_cn):
"""Add a user to an existing group.
user is a uid of the user to add
group is the cn of the group to be added to
"""
return self.transport.add_user_to_group(user, group)
return self.transport.add_user_to_group(user_uid, group_cn)
def add_users_to_group(self, users, group):
def add_users_to_group(self, user_uids, group_cn):
"""Add several users to an existing group.
user is a list of uids of the users to add
group is the cn of the group to be added to
user_uids is a list of uids of the users to add
Returns a list of the users that were not added.
Returns a list of the user uids that were not added.
"""
return self.transport.add_users_to_group(users, group)
return self.transport.add_users_to_group(user_uids, group_cn)
def remove_user_from_group(self, user, group):
def remove_user_from_group(self, user_uid, group_cn):
"""Remove a user from an existing group.
user is a uid of the user to remove
group is the cn of the group to be removed from
"""
return self.transport.remove_user_from_group(user, group)
return self.transport.remove_user_from_group(user_uid, group_cn)
def remove_users_from_group(self, users, group):
def remove_users_from_group(self, user_uids, group_cn):
"""Remove several users from an existing group.
user is a list of uids of the users to remove
group is the cn of the group to be removed from
user_uids is a list of uids of the users to remove
Returns a list of the users that were not removed.
Returns a list of the user uids that were not removed.
"""
return self.transport.remove_users_from_group(users, group)
return self.transport.remove_users_from_group(user_uids, group_cn)
def update_group(self,group):
"""Update a group entry."""


@ -326,49 +326,98 @@ class RPCClient:
return ipautil.unwrap_binary_data(result)
def add_user_to_group(self, user, group):
def add_member_to_group(self, member_dn, group_cn):
"""Add a new member to an existing group.
"""
server = self.setup_server()
try:
result = server.add_member_to_group(member_dn, group_cn)
except xmlrpclib.Fault, fault:
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
except socket.error, (value, msg):
raise xmlrpclib.Fault(value, msg)
return ipautil.unwrap_binary_data(result)
def add_members_to_group(self, member_dns, group_cn):
"""Add several members to an existing group.
member_dns is a list of the dns to add
Returns a list of the dns that were not added.
"""
server = self.setup_server()
try:
result = server.add_members_to_group(member_dns, group_cn)
except xmlrpclib.Fault, fault:
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
except socket.error, (value, msg):
raise xmlrpclib.Fault(value, msg)
return ipautil.unwrap_binary_data(result)
def remove_member_from_group(self, member_dn, group_cn):
"""Remove a member from an existing group.
"""
server = self.setup_server()
try:
result = server.remove_member_from_group(member_dn, group_cn)
except xmlrpclib.Fault, fault:
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
except socket.error, (value, msg):
raise xmlrpclib.Fault(value, msg)
return ipautil.unwrap_binary_data(result)
def remove_members_from_group(self, member_dns, group_cn):
"""Remove several members from an existing group.
Returns a list of the dns that were not removed.
"""
server = self.setup_server()
try:
result = server.remove_members_from_group(member_dns, group_cn)
except xmlrpclib.Fault, fault:
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
except socket.error, (value, msg):
raise xmlrpclib.Fault(value, msg)
return ipautil.unwrap_binary_data(result)
def add_user_to_group(self, user_uid, group_cn):
"""Add a user to an existing group.
user is a uid of the user to add
group is the cn of the group to be added to
"""
server = self.setup_server()
try:
result = server.add_user_to_group(ipautil.wrap_binary_data(user),
ipautil.wrap_binary_data(group))
result = server.add_user_to_group(user_uid, group_cn)
except xmlrpclib.Fault, fault:
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
except socket.error, (value, msg):
raise xmlrpclib.Fault(value, msg)
return ipautil.unwrap_binary_data(result)
def add_users_to_group(self, users, group):
def add_users_to_group(self, user_uids, group_cn):
"""Add several users to an existing group.
user is a list of the uids of the users to add
group is the cn of the group to be added to
user_uids is a list of the uids of the users to add
Returns a list of the users that were not added.
Returns a list of the user uids that were not added.
"""
server = self.setup_server()
try:
result = server.add_users_to_group(ipautil.wrap_binary_data(users),
ipautil.wrap_binary_data(group))
result = server.add_users_to_group(user_uids, group_cn)
except xmlrpclib.Fault, fault:
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
except socket.error, (value, msg):
raise xmlrpclib.Fault(value, msg)
return ipautil.unwrap_binary_data(result)
def remove_user_from_group(self, user, group):
def remove_user_from_group(self, user_uid, group_cn):
"""Remove a user from an existing group.
user is a uid of the user to remove
group is the cn of the group to be removed from
"""
server = self.setup_server()
try:
result = server.remove_user_from_group(ipautil.wrap_binary_data(user),
ipautil.wrap_binary_data(group))
result = server.remove_user_from_group(user_uid, group_cn)
except xmlrpclib.Fault, fault:
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
except socket.error, (value, msg):
@ -376,18 +425,15 @@ class RPCClient:
return ipautil.unwrap_binary_data(result)
def remove_users_from_group(self, users, group):
def remove_users_from_group(self, user_uids, group_cn):
"""Remove several users from an existing group.
user is a list of the uids of the users to remove
group is the cn of the group to be removed from
user_uids is a list of the uids of the users to remove
Returns a list of the users that were not removed.
Returns a list of the user uids that were not removed.
"""
server = self.setup_server()
try:
result = server.remove_users_from_group(
ipautil.wrap_binary_data(users),
ipautil.wrap_binary_data(group))
result = server.remove_users_from_group(user_uids, group_cn)
except xmlrpclib.Fault, fault:
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
except socket.error, (value, msg):
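Review bot: Each of the four new RPCClient methods repeats `except socket.error, (value, msg):`, which unpacks the exception's value as a pair. The socket module documents that value as either a string or an (errno, string) pair, so a string-valued error would fail in the unpacking itself and surface as an unrelated exception instead of the intended `xmlrpclib.Fault`. Catching it as `except socket.error, e:` and building the Fault from `e.args` handles both shapes. The same try/except body now appears in every group method of this section, so a private helper taking the remote method name and its arguments would keep the error mapping in one place. remove_users_from_group continues past the end of the last hunk.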


@ -215,7 +215,7 @@ class IPAdmin(SimpleLDAPObject):
out this way so that we can call them from places other than
instance creation e.g. when we just need to reconnect, not create a
new instance"""
if debug.lower() == "on":
if debug and debug.lower() == "on":
ldap.set_option(ldap.OPT_DEBUG_LEVEL,255)
if cacert is not None:
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,cacert)


@ -66,6 +66,8 @@ class IPAConnPool:
return conn
def releaseConn(self, conn):
if conn is None:
return
# We can't re-use SASL connections. If proxydn is None it means
# we have a Kerberos credentails cache set. See ipaldap.set_krbccache
if conn.proxydn is None:
@ -716,27 +718,24 @@ class IPAServer:
return groups
def add_user_to_group(self, user, group, opts=None):
"""Add a user to an existing group.
user is a uid of the user to add
group is the cn of the group to be added to
def add_member_to_group(self, member_dn, group_cn, opts=None):
"""Add a member to an existing group.
"""
old_group = self.get_group_by_cn(group, None, opts)
old_group = self.get_group_by_cn(group_cn, None, opts)
if old_group is None:
raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
new_group = copy.deepcopy(old_group)
user_dn = self.get_user_by_uid(user, ['dn', 'uid', 'objectclass'], opts)
if user_dn is None:
raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
# check to make sure member_dn exists
member_entry = self.__get_entry(member_dn, "(objectClass=*)", ['dn','uid'], opts)
if new_group.get('uniquemember') is not None:
if ((isinstance(new_group.get('uniquemember'), str)) or (isinstance(new_group.get('uniquemember'), unicode))):
new_group['uniquemember'] = [new_group['uniquemember']]
new_group['uniquemember'].append(user_dn['dn'])
new_group['uniquemember'].append(member_dn)
else:
new_group['uniquemember'] = user_dn['dn']
new_group['uniquemember'] = member_dn
try:
ret = self.__update_entry(old_group, new_group, opts)
@ -744,50 +743,44 @@ class IPAServer:
raise
return ret
def add_users_to_group(self, users, group, opts=None):
"""Given a list of user uid's add them to the group cn denoted by group
Returns a list of the users were not added to the group.
def add_members_to_group(self, member_dns, group_cn, opts=None):
"""Given a list of dn's, add them to the group cn denoted by group
Returns a list of the member_dns that were not added to the group.
"""
failed = []
if (isinstance(users, str)):
users = [users]
if (isinstance(member_dns, str)):
member_dns = [member_dns]
for user in users:
for member_dn in member_dns:
try:
self.add_user_to_group(user, group, opts)
self.add_member_to_group(member_dn, group_cn, opts)
except ipaerror.exception_for(ipaerror.LDAP_EMPTY_MODLIST):
# User is already in the group
failed.append(user)
failed.append(member_dn)
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
# User or the group does not exist
failed.append(user)
failed.append(member_dn)
return failed
def remove_user_from_group(self, user, group, opts=None):
"""Remove a user from an existing group.
user is a uid of the user to remove
group is the cn of the group to be removed from
def remove_member_from_group(self, member_dn, group_cn, opts=None):
"""Remove a member_dn from an existing group.
"""
old_group = self.get_group_by_cn(group, None, opts)
old_group = self.get_group_by_cn(group_cn, None, opts)
if old_group is None:
raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
new_group = copy.deepcopy(old_group)
user_dn = self.get_user_by_uid(user, ['dn', 'uid', 'objectclass'], opts)
if user_dn is None:
raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
if new_group.get('uniquemember') is not None:
if ((isinstance(new_group.get('uniquemember'), str)) or (isinstance(new_group.get('uniquemember'), unicode))):
new_group['uniquemember'] = [new_group['uniquemember']]
try:
new_group['uniquemember'].remove(user_dn['dn'])
new_group['uniquemember'].remove(member_dn)
except ValueError:
# User is not in the group
# member is not in the group
# FIXME: raise more specific error?
raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
else:
@ -801,26 +794,89 @@ class IPAServer:
raise
return ret
def remove_users_from_group(self, users, group, opts=None):
"""Given a list of user uid's remove them from the group cn denoted
by group
Returns a list of the users were not removed from the group.
def remove_members_from_group(self, member_dns, group_cn, opts=None):
"""Given a list of member dn's remove them from the group.
Returns a list of the members not removed from the group.
"""
failed = []
if (isinstance(users, str)):
users = [users]
if (isinstance(member_dns, str)):
member_dns = [member_dns]
for user in users:
for member_dn in member_dns:
try:
self.remove_user_from_group(user, group, opts)
self.remove_member_from_group(member_dn, group_cn, opts)
except ipaerror.exception_for(ipaerror.LDAP_EMPTY_MODLIST):
# User is not in the group
failed.append(user)
# member is not in the group
failed.append(member_dn)
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
# member_dn or the group does not exist
failed.append(member_dn)
return failed
def add_user_to_group(self, user_uid, group_cn, opts=None):
"""Add a user to an existing group.
"""
user = self.get_user_by_uid(user_uid, ['dn', 'uid', 'objectclass'], opts)
if user is None:
raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
return self.add_member_to_group(user['dn'], group_cn, opts)
def add_users_to_group(self, user_uids, group_cn, opts=None):
"""Given a list of user uid's add them to the group cn denoted by group
Returns a list of the users were not added to the group.
"""
failed = []
if (isinstance(user_uids, str)):
user_uids = [user_uids]
for user_uid in user_uids:
try:
self.add_user_to_group(user_uid, group_cn, opts)
except ipaerror.exception_for(ipaerror.LDAP_EMPTY_MODLIST):
# User is already in the group
failed.append(user_uid)
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
# User or the group does not exist
failed.append(user)
failed.append(user_uid)
return failed
def remove_user_from_group(self, user_uid, group_cn, opts=None):
"""Remove a user from an existing group.
"""
user = self.get_user_by_uid(user_uid, ['dn', 'uid', 'objectclass'], opts)
if user is None:
raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
return self.remove_member_from_group(user['dn'], group_cn, opts)
def remove_users_from_group(self, user_uids, group_cn, opts=None):
"""Given a list of user uid's remove them from the group
Returns a list of the user uids not removed from the group.
"""
failed = []
if (isinstance(user_uids, str)):
user_uids = [user_uids]
for user_uid in user_uids:
try:
self.remove_user_from_group(user_uid, group_cn, opts)
except ipaerror.exception_for(ipaerror.LDAP_EMPTY_MODLIST):
# User is not in the group
failed.append(user_uid)
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
# User or the group does not exist
failed.append(user_uid)
return failed
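Review bot: In add_member_to_group the result of `self.__get_entry(member_dn, "(objectClass=*)", ['dn','uid'], opts)` is assigned to `member_entry` and never read, so the "check to make sure member_dn exists" holds only if `__get_entry` raises for a missing entry. Its body is not visible here, and the uid-based lookup this replaces tested its result against None explicitly. If it can return None, a caller-supplied DN that resolves to nothing would be written into `uniquemember`; an explicit `if member_entry is None: raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)` makes the check independent of that. Separately, the four list helpers normalise a single value with `isinstance(..., str)` only, whereas add_member_to_group tests both str and unicode. A unicode argument would therefore be iterated character by character; `isinstance(member_dns, basestring)` (and the same for `user_uids`) covers both.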


@ -330,6 +330,10 @@ def handler(req, profiling=False):
h.register_function(f.get_groups_by_member)
h.register_function(f.add_group)
h.register_function(f.find_groups)
h.register_function(f.add_member_to_group)
h.register_function(f.add_members_to_group)
h.register_function(f.remove_member_from_group)
h.register_function(f.remove_members_from_group)
h.register_function(f.add_user_to_group)
h.register_function(f.add_users_to_group)
h.register_function(f.add_group_to_group)