Fix LDAP object parameter encoding

Parameters in LDAP objects missed an information if they are real LDAP attributes or not. Real LDAP attributes are written to entry_attrs dictionary in plugin callbacks and are being encoded. This causes issues when plugin callbacks does not expect that the parameters values are already encoded for submission to LDAP. This patch introduces a new flag "noattribute" used to mark that a parameter is not an LDAP attribute and thus should not be encoded or added to entry_attrs. Param documentation is improved to describe the meaning of this and other Param flags or attributes. https://fedorahosted.org/freeipa/ticket/2097
2025-02-25 18:55:28 -06:00 · 2011-11-14 17:03:44 +01:00
parent 714b0d11ec
commit 2a3a4ae64a
7 changed files with 149 additions and 86 deletions
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -290,12 +290,12 @@ class host(LDAPObject):
        ),
        Flag('random?',
            doc=_('Generate a random password to be used in bulk enrollment'),
-            flags=['no_search'],
+            flags=('no_search', 'virtual_attribute'),
            default=False,
        ),
        Str('randompassword?',
            label=_('Random password'),
-            flags=['no_create', 'no_update', 'no_search'],
+            flags=('no_create', 'no_update', 'no_search', 'virtual_attribute'),
        ),
        Bytes('usercertificate?', validate_certificate,
            cli_name='certificate',
@@ -432,12 +432,10 @@ class host_add(LDAPCreate):
                entry_attrs['objectclass'].remove('krbprincipalaux')
            if 'krbprincipal' in entry_attrs['objectclass']:
                entry_attrs['objectclass'].remove('krbprincipal')
-        if 'random' in options:
-            if options.get('random'):
-                entry_attrs['userpassword'] = ipa_generate_password()
-                # save the password so it can be displayed in post_callback
-                setattr(context, 'randompassword', entry_attrs['userpassword'])
-            del entry_attrs['random']
+        if options.get('random'):
+            entry_attrs['userpassword'] = ipa_generate_password()
+            # save the password so it can be displayed in post_callback
+            setattr(context, 'randompassword', entry_attrs['userpassword'])
        cert = options.get('usercertificate')
        if cert:
            cert = x509.normalize_certificate(cert)
@@ -680,11 +678,9 @@ class host_mod(LDAPUpdate):
                        raise nsprerr

            entry_attrs['usercertificate'] = cert
-        if 'random' in options:
-            if options.get('random'):
-                entry_attrs['userpassword'] = ipa_generate_password()
-                setattr(context, 'randompassword', entry_attrs['userpassword'])
-            del entry_attrs['random']
+        if options.get('random'):
+            entry_attrs['userpassword'] = ipa_generate_password()
+            setattr(context, 'randompassword', entry_attrs['userpassword'])

        return dn