Implement the password policy UI and finish IPA policy UI

This includes a default password policy Custom fields are now read from LDAP. The format is a list of dicts with keys: label, field, required. The LDAP-based configuration now specifies: ipaUserSearchFields: uid,givenName,sn,telephoneNumber,ou,title ipaGroupSearchFields: cn,description ipaSearchTimeLimit: 2 ipaSearchRecordsLimit: 0 ipaCustomFields: ipaHomesRootDir: /home ipaDefaultLoginShell: /bin/sh ipaDefaultPrimaryGroup: ipausers ipaMaxUsernameLength: 8 ipaPwdExpAdvNotify: 4 This could use some optimization.
2025-02-25 18:55:28 -06:00 · 2007-11-16 12:59:32 -05:00
parent 0a3ed69746
commit 1967aafa39
14 changed files with 610 additions and 156 deletions
--- a/ipa-server/ipa-gui/ipagui/forms/ipapolicy.py
+++ b/ipa-server/ipa-gui/ipagui/forms/ipapolicy.py
@@ -2,25 +2,49 @@ import turbogears
 from turbogears import validators, widgets

 class IPAPolicyFields():
-    searchlimit = widgets.TextField(name="searchlimit", label="Search Time Limit (sec.)", attrs=dict(size=6,maxlength=6))
-    maxuidlength = widgets.TextField(name="maxuidlength", label="Max. UID Length", attrs=dict(size=3,maxlength=3))
-    passwordnotif = widgets.TextField(name="passwordnotif", label="Password Expiration Notification (days)", attrs=dict(size=3,maxlength=3))
-    homedir = widgets.TextField(name="homedir", label="Root for Home Directories")
-    defaultshell = widgets.TextField(name="defaultshell", label="Default shell")
-    defaultgroup = widgets.TextField(name="defaultgroup", label="Default Users group")
+    # From cn=ipaConfig
+    ipausersearchfields =  widgets.TextField(name="ipausersearchfields", label="User Search Fields")
+    ipagroupsearchfields =  widgets.TextField(name="ipagroupsearchfields", label="Group Search Fields")
+    ipasearchtimelimit = widgets.TextField(name="ipasearchtimelimit", label="Search Time Limit (sec.)", attrs=dict(size=6,maxlength=6))
+    ipasearchrecordslimit = widgets.TextField(name="ipasearchrecordslimit", label="Search Records Limit", attrs=dict(size=6,maxlength=6))
+    ipahomesrootdir = widgets.TextField(name="ipahomesrootdir", label="Root for Home Directories")
+    ipadefaultloginshell = widgets.TextField(name="ipadefaultloginshell", label="Default shell")
+    ipadefaultprimarygroup = widgets.TextField(name="ipadefaultprimarygroup", label="Default Users group")
+    ipamaxusernamelength = widgets.TextField(name="ipamaxusernamelength", label="Max. Username Length", attrs=dict(size=3,maxlength=3))
+    ipapwdexpadvnotify = widgets.TextField(name="ipapwdexpadvnotify", label="Password Expiration Notification (days)", attrs=dict(size=3,maxlength=3))
+
+    ipapolicy_orig = widgets.HiddenField(name="ipapolicy_orig")
+
+    # From cn=accounts
+    krbmaxpwdlife = widgets.TextField(name="krbmaxpwdlife", label="Max. Password Lifetime", attrs=dict(size=3,maxlength=3))
+    krbminpwdlife = widgets.TextField(name="krbminpwdlife", label="Min. Password Lifetime", attrs=dict(size=3,maxlength=3))
+    krbpwdmindiffchars = widgets.TextField(name="krbpwdmindiffchars", label="Min. number of character classes", attrs=dict(size=3,maxlength=3))
+    krbpwdminlength = widgets.TextField(name="krbpwdminlength", label="Min. Length of password", attrs=dict(size=3,maxlength=3))
+    krbpwdhistorylength = widgets.TextField(name="krbpwdhistorylength", label="Password History size", attrs=dict(size=3,maxlength=3))
+
+    password_orig = widgets.HiddenField(name="password_orig")

 class IPAPolicyValidator(validators.Schema):
-    searchlimit = validators.Number(not_empty=True)
-    maxuidlength = validators.Number(not_empty=True)
-    passwordnotif = validators.Number(not_empty=True)
-    homedir = validators.String(not_empty=True)
-    defaultshell = validators.String(not_empty=True)
-    defaultgroup = validators.String(not_empty=True)
+    ipausersearchfields = validators.String(not_empty=True)
+    ipagroupsearchfields = validators.String(not_empty=True)
+    ipasearchtimelimit = validators.Number(not_empty=True)
+    ipasearchrecordslimit = validators.Number(not_empty=True)
+    ipamaxusernamelength = validators.Number(not_empty=True)
+    ipapwdexpadvnotify = validators.Number(not_empty=True)
+    ipahomesrootdir = validators.String(not_empty=True)
+    ipadefaultloginshell = validators.String(not_empty=True)
+    ipadefaultprimarygroup = validators.String(not_empty=True)
+    krbmaxpwdlife = validators.Number(not_empty=True)
+    krbminpwdlife = validators.Number(not_empty=True)
+    krbpwdmindiffchars = validators.Number(not_empty=True)
+    krbpwdminlength = validators.Number(not_empty=True)
+    krbpwdhistorylength = validators.Number(not_empty=True)

 class IPAPolicyForm(widgets.Form):
    params = ['ipapolicy_fields']

    hidden_fields = [
+        IPAPolicyFields.ipapolicy_orig, IPAPolicyFields.password_orig
    ]

    validator = IPAPolicyValidator()