Add support for managing user auth types
https://fedorahosted.org/freeipa/ticket/3368
parent
df5f4ee81d
commit
3f85f09a83
12
API.txt
12
API.txt
@ -495,7 +495,7 @@ args: 0,1,1
|
||||
option: Str('version?', exclude='webui')
|
||||
output: Output('result', None, None)
|
||||
command: config_mod
|
||||
args: 0,24,3
|
||||
args: 0,25,3
|
||||
option: Str('addattr*', cli_name='addattr', exclude='webui')
|
||||
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
|
||||
option: Str('delattr*', cli_name='delattr', exclude='webui')
|
||||
@ -514,6 +514,7 @@ option: Int('ipasearchrecordslimit', attribute=True, autofill=False, cli_name='s
|
||||
option: Int('ipasearchtimelimit', attribute=True, autofill=False, cli_name='searchtimelimit', minvalue=-1, multivalue=False, required=False)
|
||||
option: Str('ipaselinuxusermapdefault', attribute=True, autofill=False, cli_name='ipaselinuxusermapdefault', multivalue=False, required=False)
|
||||
option: Str('ipaselinuxusermaporder', attribute=True, autofill=False, cli_name='ipaselinuxusermaporder', multivalue=False, required=False)
|
||||
option: StrEnum('ipauserauthtype', attribute=True, autofill=False, cli_name='user_auth_type', csv=True, multivalue=True, required=False, values=(u'password',))
|
||||
option: Str('ipauserobjectclasses', attribute=True, autofill=False, cli_name='userobjectclasses', csv=True, multivalue=True, required=False)
|
||||
option: IA5Str('ipausersearchfields', attribute=True, autofill=False, cli_name='usersearch', multivalue=False, required=False)
|
||||
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
|
||||
@ -3586,7 +3587,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
|
||||
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
|
||||
output: Output('value', <type 'unicode'>, None)
|
||||
command: user_add
|
||||
args: 1,35,3
|
||||
args: 1,36,3
|
||||
arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, required=True)
|
||||
option: Str('addattr*', cli_name='addattr', exclude='webui')
|
||||
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
|
||||
@ -3600,6 +3601,7 @@ option: Str('givenname', attribute=True, cli_name='first', multivalue=False, req
|
||||
option: Str('homedirectory', attribute=True, cli_name='homedir', multivalue=False, required=False)
|
||||
option: Str('initials', attribute=True, autofill=True, cli_name='initials', multivalue=False, required=False)
|
||||
option: Str('ipasshpubkey', attribute=True, cli_name='sshpubkey', csv=True, multivalue=True, required=False)
|
||||
option: StrEnum('ipauserauthtype', attribute=True, cli_name='user_auth_type', csv=True, multivalue=True, required=False, values=(u'password',))
|
||||
option: Str('krbprincipalname', attribute=True, autofill=True, cli_name='principal', multivalue=False, required=False)
|
||||
option: Str('l', attribute=True, cli_name='city', multivalue=False, required=False)
|
||||
option: Str('loginshell', attribute=True, cli_name='shell', multivalue=False, required=False)
|
||||
@ -3649,7 +3651,7 @@ output: Output('result', <type 'bool'>, None)
|
||||
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
|
||||
output: Output('value', <type 'unicode'>, None)
|
||||
command: user_find
|
||||
args: 1,45,4
|
||||
args: 1,46,4
|
||||
arg: Str('criteria?', noextrawhitespace=False)
|
||||
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
|
||||
option: Str('carlicense', attribute=True, autofill=False, cli_name='carlicense', multivalue=False, query=True, required=False)
|
||||
@ -3666,6 +3668,7 @@ option: Str('in_netgroup*', cli_name='in_netgroups', csv=True)
|
||||
option: Str('in_role*', cli_name='in_roles', csv=True)
|
||||
option: Str('in_sudorule*', cli_name='in_sudorules', csv=True)
|
||||
option: Str('initials', attribute=True, autofill=False, cli_name='initials', multivalue=False, query=True, required=False)
|
||||
option: StrEnum('ipauserauthtype', attribute=True, autofill=False, cli_name='user_auth_type', csv=True, multivalue=True, query=True, required=False, values=(u'password',))
|
||||
option: Str('krbprincipalname', attribute=True, autofill=False, cli_name='principal', multivalue=False, query=True, required=False)
|
||||
option: Str('l', attribute=True, autofill=False, cli_name='city', multivalue=False, query=True, required=False)
|
||||
option: Str('loginshell', attribute=True, autofill=False, cli_name='shell', multivalue=False, query=True, required=False)
|
||||
@ -3701,7 +3704,7 @@ output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list
|
||||
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
|
||||
output: Output('truncated', <type 'bool'>, None)
|
||||
command: user_mod
|
||||
args: 1,36,3
|
||||
args: 1,37,3
|
||||
arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, query=True, required=True)
|
||||
option: Str('addattr*', cli_name='addattr', exclude='webui')
|
||||
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
|
||||
@ -3716,6 +3719,7 @@ option: Str('givenname', attribute=True, autofill=False, cli_name='first', multi
|
||||
option: Str('homedirectory', attribute=True, autofill=False, cli_name='homedir', multivalue=False, required=False)
|
||||
option: Str('initials', attribute=True, autofill=False, cli_name='initials', multivalue=False, required=False)
|
||||
option: Str('ipasshpubkey', attribute=True, autofill=False, cli_name='sshpubkey', csv=True, multivalue=True, required=False)
|
||||
option: StrEnum('ipauserauthtype', attribute=True, autofill=False, cli_name='user_auth_type', csv=True, multivalue=True, required=False, values=(u'password',))
|
||||
option: Str('l', attribute=True, autofill=False, cli_name='city', multivalue=False, required=False)
|
||||
option: Str('loginshell', attribute=True, autofill=False, cli_name='shell', multivalue=False, required=False)
|
||||
option: Str('mail', attribute=True, autofill=False, cli_name='email', multivalue=True, required=False)
|
||||
|
2
VERSION
2
VERSION
@ -89,4 +89,4 @@ IPA_DATA_VERSION=20100614120000
|
||||
# #
|
||||
########################################################
|
||||
IPA_API_VERSION_MAJOR=2
|
||||
IPA_API_VERSION_MINOR=65
|
||||
IPA_API_VERSION_MINOR=66
|
||||
|
@ -3,3 +3,4 @@ add:ipaSELinuxUserMapOrder: guest_u:s0$$xguest_u:s0$$user_u:s0$$staff_u:s0-s0:c0
|
||||
add:ipaSELinuxUserMapDefault: unconfined_u:s0-s0:c0.c1023
|
||||
add:ipaUserObjectClasses: ipasshuser
|
||||
remove:ipaConfigString:AllowLMhash
|
||||
add:objectClass: ipaUserAuthTypeClass
|
||||
|
@ -92,6 +92,7 @@ class config(LDAPObject):
|
||||
'ipamigrationenabled', 'ipacertificatesubjectbase',
|
||||
'ipapwdexpadvnotify', 'ipaselinuxusermaporder',
|
||||
'ipaselinuxusermapdefault', 'ipaconfigstring', 'ipakrbauthzdata',
|
||||
'ipauserauthtype'
|
||||
]
|
||||
|
||||
label = _('Configuration')
|
||||
@ -197,6 +198,13 @@ class config(LDAPObject):
|
||||
values=(u'MS-PAC', u'PAD', u'nfs:NONE'),
|
||||
csv=True,
|
||||
),
|
||||
StrEnum('ipauserauthtype*',
|
||||
cli_name='user_auth_type',
|
||||
label=_('Default user authentication types'),
|
||||
doc=_('Default types of supported user authentication'),
|
||||
values=(u'password',),
|
||||
csv=True,
|
||||
),
|
||||
)
|
||||
|
||||
def get_dn(self, *keys, **kwargs):
|
||||
|
@ -24,7 +24,7 @@ import posixpath
|
||||
import os
|
||||
|
||||
from ipalib import api, errors
|
||||
from ipalib import Flag, Int, Password, Str, Bool
|
||||
from ipalib import Flag, Int, Password, Str, Bool, StrEnum
|
||||
from ipalib.plugins.baseldap import *
|
||||
from ipalib.plugins import baseldap
|
||||
from ipalib.request import context
|
||||
@ -198,14 +198,14 @@ class user(LDAPObject):
|
||||
object_name_plural = _('users')
|
||||
object_class = ['posixaccount']
|
||||
object_class_config = 'ipauserobjectclasses'
|
||||
possible_objectclasses = ['meporiginentry']
|
||||
possible_objectclasses = ['meporiginentry', 'ipauserauthtypeclass']
|
||||
disallow_object_classes = ['krbticketpolicyaux']
|
||||
search_attributes_config = 'ipausersearchfields'
|
||||
default_attributes = [
|
||||
'uid', 'givenname', 'sn', 'homedirectory', 'loginshell',
|
||||
'uidnumber', 'gidnumber', 'mail', 'ou',
|
||||
'telephonenumber', 'title', 'memberof', 'nsaccountlock',
|
||||
'memberofindirect',
|
||||
'memberofindirect', 'ipauserauthtype'
|
||||
]
|
||||
search_display_attributes = [
|
||||
'uid', 'givenname', 'sn', 'homedirectory', 'loginshell',
|
||||
@ -365,6 +365,13 @@ class user(LDAPObject):
|
||||
csv=True,
|
||||
flags=['no_search'],
|
||||
),
|
||||
StrEnum('ipauserauthtype*',
|
||||
cli_name='user_auth_type',
|
||||
label=_('User authentication types'),
|
||||
doc=_('Types of supported user authentication'),
|
||||
values=(u'password',),
|
||||
csv=True,
|
||||
),
|
||||
)
|
||||
|
||||
def _normalize_and_validate_email(self, email, config=None):
|
||||
@ -633,14 +640,16 @@ class user_mod(LDAPUpdate):
|
||||
entry_attrs['userpassword'] = ipa_generate_password(user_pwdchars)
|
||||
# save the password so it can be displayed in post_callback
|
||||
setattr(context, 'randompassword', entry_attrs['userpassword'])
|
||||
if 'ipasshpubkey' in entry_attrs:
|
||||
if 'ipasshpubkey' in entry_attrs or 'ipauserauthtype' in entry_attrs:
|
||||
if 'objectclass' in entry_attrs:
|
||||
obj_classes = entry_attrs['objectclass']
|
||||
else:
|
||||
(_dn, _entry_attrs) = ldap.get_entry(dn, ['objectclass'])
|
||||
obj_classes = entry_attrs['objectclass'] = _entry_attrs['objectclass']
|
||||
if 'ipasshuser' not in obj_classes:
|
||||
if 'ipasshpubkey' in entry_attrs and 'ipasshuser' not in obj_classes:
|
||||
obj_classes.append('ipasshuser')
|
||||
if 'ipauserauthtype' in entry_attrs and 'ipauserauthtype' not in obj_classes:
|
||||
obj_classes.append('ipauserauthtypeclass')
|
||||
return dn
|
||||
|
||||
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
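Review bot: The new guard in user_mod's pre_callback tests the attribute name where the object class name is needed: `'ipauserauthtype' not in obj_classes` holds for any entry, so `ipauserauthtypeclass` is appended even when the entry already carries it, and the directory would likely reject a later modification as a duplicate objectclass value. The line should read `if 'ipauserauthtype' in entry_attrs and 'ipauserauthtypeclass' not in obj_classes:`. The membership test is also case-sensitive, while the update file in this commit spells the class `ipaUserAuthTypeClass`; if the server returns that spelling, testing against `[oc.lower() for oc in obj_classes]` would avoid a second copy. The callback begins above this hunk, and no hunk shows user_add adding the class on create, so that path is worth confirming.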
|
||||
|