Merge branch 'master' of git://git.engineering.redhat.com/users/rcritten/freeipa2

Jason Gerard DeRose 2008-10-24 15:11:27 -06:00
commit 39dfffd280
5 changed files with 30 additions and 9 deletions


@ -88,7 +88,7 @@ class ldap(CrudBackend):
attribute = attribute.lower() attribute = attribute.lower()
object_type = None object_type = None
if attribute == "uid": # User if attribute == "uid": # User
object_type = "person" object_type = "posixAccount"
elif attribute == "cn": # Group elif attribute == "cn": # Group
object_type = "posixGroup" object_type = "posixGroup"
elif attribute == "krbprincipalname": # Service elif attribute == "krbprincipalname": # Service


@ -168,7 +168,7 @@ def get_user_by_uid(uid, sattrs):
"""Get a specific user's entry.""" """Get a specific user's entry."""
# FIXME: should accept a container to look in # FIXME: should accept a container to look in
# uid = self.__safe_filter(uid) # uid = self.__safe_filter(uid)
searchfilter = "(&(uid=%s)(objectclass=person))" % uid searchfilter = "(&(uid=%s)(objectclass=posixAccount))" % uid
return get_sub_entry("cn=accounts," + api.env.basedn, searchfilter, sattrs) return get_sub_entry("cn=accounts," + api.env.basedn, searchfilter, sattrs)
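Review bot: `uid` is interpolated into the LDAP search filter unescaped on the `searchfilter = ...` line, and the only escaping call, `# uid = self.__safe_filter(uid)`, is commented out just above it. A uid containing filter metacharacters such as `*`, `(`, `)` or `\` changes the meaning of the filter, so the value should be escaped before formatting, e.g. `searchfilter = "(&(uid=%s)(objectclass=posixAccount))" % escape_filter_chars(uid)`, using python-ldap's `ldap.filter.escape_filter_chars` if that is the library this module is built on. The commented-out call refers to `self`, while `get_user_by_uid(uid, sattrs)` takes no `self` parameter, so it cannot simply be re-enabled as written. The function's surroundings are outside the hunk, so check whether its callers already escape the value.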


@ -103,6 +103,9 @@ class host_add(crud.Add):
The dn should not be passed as a keyword argument as it is constructed The dn should not be passed as a keyword argument as it is constructed
by this method. by this method.
If password is set then this is considered a 'bulk' host so we
do not create a kerberos service principal.
Returns the entry as it will be created in LDAP. Returns the entry as it will be created in LDAP.
:param hostname: The name of the host being added. :param hostname: The name of the host being added.
@ -110,27 +113,39 @@ class host_add(crud.Add):
""" """
assert 'cn' not in kw assert 'cn' not in kw
assert 'dn' not in kw assert 'dn' not in kw
assert 'krbprincipalname' not in kw
ldap = self.api.Backend.ldap ldap = self.api.Backend.ldap
kw['cn'] = hostname kw['cn'] = hostname
kw['serverhostname'] = hostname.split('.',1)[0] kw['serverhostname'] = hostname.split('.',1)[0]
kw['dn'] = ldap.make_host_dn(hostname) kw['dn'] = ldap.make_host_dn(hostname)
kw['krbPrincipalName'] = "host/%s@%s" % (hostname, self.api.env.realm)
# FIXME: do a DNS lookup to ensure host exists # FIXME: do a DNS lookup to ensure host exists
current = util.get_current_principal() current = util.get_current_principal()
if not current: if not current:
raise errors.NotFound('Unable to determine current user') raise errors.NotFound('Unable to determine current user')
kw['enrolledBy'] = ldap.find_entry_dn("krbPrincipalName", current, "person") kw['enrolledby'] = ldap.find_entry_dn("krbPrincipalName", current, "posixAccount")
# Get our configuration # Get our configuration
config = ldap.get_ipa_config() config = ldap.get_ipa_config()
# some required objectclasses # some required objectclasses
# FIXME: add this attribute to cn=ipaconfig # FIXME: add this attribute to cn=ipaconfig
#kw['objectClass'] = config.get('ipahostobjectclasses') #kw['objectclass'] = config.get('ipahostobjectclasses')
kw['objectClass'] = ['nsHost', 'krbPrincipalAux', 'ipaHost'] kw['objectclass'] = ['nsHost', 'ipaHost']
# Ensure the list of objectclasses is lower-case
kw['objectclass'] = map(lambda z: z.lower(), kw.get('objectclass'))
if not kw.get('userpassword', False):
kw['krbprincipalname'] = "host/%s@%s" % (hostname, self.api.env.realm)
if 'krbprincipalaux' not in kw.get('objectclass'):
kw['objectclass'].append('krbprincipalaux')
else:
if 'krbprincipalaux' in kw.get('objectclass'):
kw['objectclass'].remove('krbprincipalaux')
return ldap.create(**kw) return ldap.create(**kw)
def output_for_cli(self, ret): def output_for_cli(self, ret):
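Review bot: The new guard `assert 'krbprincipalname' not in kw` is a case-sensitive check written as an `assert`, so it disappears under `python -O` and does not reject a caller-supplied `krbPrincipalName`, the spelling the old code itself used. In the password ("bulk") branch no principal is meant to be created, yet a mixed-case principal key would still be handed to `ldap.create(**kw)`. Consider comparing lower-cased keys and raising an explicit error instead, along the lines of `if 'krbprincipalname' in [k.lower() for k in kw]: raise ...`, with whichever validation error the project's `errors` module provides. Separately, `kw['objectclass']` is assigned a fixed list a few lines earlier, so the `else:` branch that removes `krbprincipalaux` can never find it; that branch only becomes meaningful once the commented-out `config.get('ipahostobjectclasses')` line is enabled.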


@ -60,7 +60,7 @@ class passwd(frontend.Command):
else: else:
principal = principal principal = principal
dn = ldap.find_entry_dn("krbprincipalname", principal, "person") dn = ldap.find_entry_dn("krbprincipalname", principal, "posixAccount")
# FIXME: we need a way to prompt for passwords using getpass # FIXME: we need a way to prompt for passwords using getpass
kw['newpass'] = "password" kw['newpass'] = "password"
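Review bot: `kw['newpass'] = "password"` assigns a fixed, well-known value as the new password for whichever entry `find_entry_dn` resolved. The line is unchanged context here, but it sits directly under the lookup this hunk edits, and the FIXME shows it is a placeholder. Until prompting exists, it would be safer to fail when no password was supplied, e.g. `if not kw.get('newpass'): raise ...`, assuming the command can accept one, rather than silently assigning a constant. The rest of the method, including how `newpass` is used, is outside the hunk, so confirm that no path sends this value to the directory.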


@ -110,7 +110,7 @@ class service_add(crud.Add):
def output_to_cli(self, ret): def output_to_cli(self, ret):
if ret: if ret:
print "Service added" print "Service added"
api.register(service_add) api.register(service_add)
@ -146,7 +146,7 @@ class service_find(crud.Find):
def execute(self, principal, **kw): def execute(self, principal, **kw):
ldap = self.api.Backend.ldap ldap = self.api.Backend.ldap
kw['filter'] = "&(objectclass=krbPrincipalAux)(!(objectClass=person))(!(|(krbprincipalname=kadmin/*)(krbprincipalname=K/M@*)(krbprincipalname=krbtgt/*)))" kw['filter'] = "&(objectclass=krbPrincipalAux)(!(objectClass=posixAccount))(!(|(krbprincipalname=kadmin/*)(krbprincipalname=K/M@*)(krbprincipalname=krbtgt/*)))"
kw['krbprincipalname'] = principal kw['krbprincipalname'] = principal
object_type = ldap.get_object_type("krbprincipalname") object_type = ldap.get_object_type("krbprincipalname")
@ -193,5 +193,11 @@ class service_show(crud.Get):
dn = ldap.find_entry_dn("krbprincipalname", principal) dn = ldap.find_entry_dn("krbprincipalname", principal)
# FIXME: should kw contain the list of attributes to display? # FIXME: should kw contain the list of attributes to display?
return ldap.retrieve(dn) return ldap.retrieve(dn)
def output_for_cli(self, service):
if not service:
return
for a in service.keys():
print "%s: %s" % (a, service[a])
api.register(service_show) api.register(service_show)
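Review bot: The new `output_for_cli` in `service_show` prints every attribute of the entry returned by `ldap.retrieve(dn)`, and the visible part of `execute` calls `retrieve` without an attribute list (the FIXME above it raises the same question). If the bind identity can read key material or password attributes on the service entry, for example `krbPrincipalKey` or `userPassword`, they would be written to the terminal and to any captured output. Consider requesting an explicit attribute list in `execute`, or skipping a small deny-list of attributes in the loop. The loop would also read better as `for attr, value in service.items():`, with a short docstring stating what is displayed.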