Set labels on all attributes in the config object.

Make the cert subject base read-only. This is here only so replicated servers know their base. ticket 466
2025-02-25 18:55:28 -06:00 · 2010-12-01 17:48:41 -05:00
parent bfaea1dd78
commit 1a20d75421
2 changed files with 36 additions and 2 deletions
--- a/install/share/default-aci.ldif
+++ b/install/share/default-aci.ldif
@@ -18,7 +18,7 @@ changetype: modify
 add: aci
 aci: (targetattr = "givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType  || businessCategory || ou")(version 3.0;acl "Self service";allow (write) userdn = "ldap:///self";)

-dn: cn=ipaConfig,cn=etc,$SUFFIX
+dn: cn=etc,$SUFFIX
 changetype: modify
 add: aci
 aci: (targetfilter = "(objectClass=ipaGuiConfig)")(targetattr != "aci")(version 3.0;acl "Admins can change GUI config"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";)
--- a/ipalib/plugins/config.py
+++ b/ipalib/plugins/config.py
@@ -49,8 +49,19 @@ how many records may be returned on a given search.
 Server Configuration.

  --enable-migration=BOOL Enable migration mode
-  --subject=STR           Base for certificate subjects (OU=Test,O=Example)
+  --pwdexpnotify=INT      Password Expiration Notification (days)

+The password notification value is stored here so it will be replicated.
+It is not currently used to notify users in advance of an expiring
+password.
+
+Some attributes are read-only, provided for information purposes. These
+include:
+
+Certificate Subject base: the configured certificate subject base,
+  e.g. O=EXAMPLE.COM.  This is configurable only at install time.
+Password plugin features: currently defines additional hashes that the
+  password will generate (there may be other conditions).
 """

 from ipalib import api
@@ -130,6 +141,29 @@ class config(LDAPObject):
            cli_name='subject',
            label=_('Certificate Subject base'),
            doc=_('Base for certificate subjects (OU=Test,O=Example)'),
+            flags=['no_update'],
+        ),
+        List('ipagroupobjectclasses?',
+            cli_name='groupobjectclasses',
+            label=_('Default group objectclasses'),
+            doc=_('Default group objectclassses (comma-separated list)'),
+        ),
+        List('ipauserobjectclasses?',
+            cli_name='userobjectclasses',
+            label=_('Default user objectclasses'),
+            doc=_('Default user objectclassses (comma-separated list)'),
+        ),
+        Int('ipapwdexpadvnotify?',
+            cli_name='pwdexpnotify',
+            label=_('Password Expiration Notification'),
+            doc=_('Password Expiration Notification (days)'),
+            minvalue=0,
+        ),
+        Str('ipaconfigstring?',
+            cli_name='ipaconfigstring',
+            label=_('Password plugin features'),
+            doc=_('Extra hashes to generate in password plugin'),
+            flags=['no_update'],
        ),
    )