idview: add domain_resolution_order attribute

`idview-add` and `idview-mod` can now set and validate the attribute.
The required objectclass is added on-demand after modification

https://pagure.io/freeipa/issue/6372

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Martin Babinsky 2017-03-09 19:02:49 +01:00 committed by Martin Basti
parent 1b5f56d154
commit 544d66b710
4 changed files with 38 additions and 7 deletions


@ -183,7 +183,7 @@ aci: (targetattr = "createtimestamp || description || entryusn || gecos || gidnu
dn: cn=ranges,cn=etc,dc=ipa,dc=example dn: cn=ranges,cn=etc,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || entryusn || ipabaseid || ipabaserid || ipaidrangesize || ipanttrusteddomainsid || iparangetype || ipasecondarybaserid || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaidrange)")(version 3.0;acl "permission:System: Read ID Ranges";allow (compare,read,search) userdn = "ldap:///all";) aci: (targetattr = "cn || createtimestamp || entryusn || ipabaseid || ipabaserid || ipaidrangesize || ipanttrusteddomainsid || iparangetype || ipasecondarybaserid || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaidrange)")(version 3.0;acl "permission:System: Read ID Ranges";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=views,cn=accounts,dc=ipa,dc=example dn: cn=views,cn=accounts,dc=ipa,dc=example
aci: (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=nsContainer)")(version 3.0;acl "permission:System: Read ID Views";allow (compare,read,search) userdn = "ldap:///all";) aci: (targetattr = "cn || createtimestamp || description || entryusn || ipadomainresolutionorder || modifytimestamp || objectclass")(targetfilter = "(objectclass=nsContainer)")(version 3.0;acl "permission:System: Read ID Views";allow (compare,read,search) userdn = "ldap:///all";)
dn: cn=IPA.EXAMPLE,cn=kerberos,dc=ipa,dc=example dn: cn=IPA.EXAMPLE,cn=kerberos,dc=ipa,dc=example
aci: (targetattr = "createtimestamp || entryusn || krbdefaultencsalttypes || krbmaxrenewableage || krbmaxticketlife || krbsupportedencsalttypes || modifytimestamp || objectclass")(targetfilter = "(objectclass=krbticketpolicyaux)")(version 3.0;acl "permission:System: Read Default Kerberos Ticket Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Default Kerberos Ticket Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";) aci: (targetattr = "createtimestamp || entryusn || krbdefaultencsalttypes || krbmaxrenewableage || krbmaxticketlife || krbsupportedencsalttypes || modifytimestamp || objectclass")(targetfilter = "(objectclass=krbticketpolicyaux)")(version 3.0;acl "permission:System: Read Default Kerberos Ticket Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Default Kerberos Ticket Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";)
dn: cn=users,cn=accounts,dc=ipa,dc=example dn: cn=users,cn=accounts,dc=ipa,dc=example


@ -3038,11 +3038,12 @@ output: Entry('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>]) output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: PrimaryKey('value') output: PrimaryKey('value')
command: idview_add/1 command: idview_add/1
args: 1,6,3 args: 1,7,3
arg: Str('cn', cli_name='name') arg: Str('cn', cli_name='name')
option: Str('addattr*', cli_name='addattr') option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('description?', cli_name='desc') option: Str('description?', cli_name='desc')
option: Str('ipadomainresolutionorder?', cli_name='domain_resolution_order')
option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('setattr*', cli_name='setattr') option: Str('setattr*', cli_name='setattr')
option: Str('version?') option: Str('version?')
@ -3083,12 +3084,13 @@ output: ListOfEntries('result')
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>]) output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: Output('truncated', type=[<type 'bool'>]) output: Output('truncated', type=[<type 'bool'>])
command: idview_mod/1 command: idview_mod/1
args: 1,9,3 args: 1,10,3
arg: Str('cn', cli_name='name') arg: Str('cn', cli_name='name')
option: Str('addattr*', cli_name='addattr') option: Str('addattr*', cli_name='addattr')
option: Flag('all', autofill=True, cli_name='all', default=False) option: Flag('all', autofill=True, cli_name='all', default=False)
option: Str('delattr*', cli_name='delattr') option: Str('delattr*', cli_name='delattr')
option: Str('description?', autofill=False, cli_name='desc') option: Str('description?', autofill=False, cli_name='desc')
option: Str('ipadomainresolutionorder?', autofill=False, cli_name='domain_resolution_order')
option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('rename?', cli_name='rename') option: Str('rename?', cli_name='rename')
option: Flag('rights', autofill=True, default=False) option: Flag('rights', autofill=True, default=False)


@ -73,8 +73,8 @@ define(IPA_DATA_VERSION, 20100614120000)
# # # #
######################################################## ########################################################
define(IPA_API_VERSION_MAJOR, 2) define(IPA_API_VERSION_MAJOR, 2)
define(IPA_API_VERSION_MINOR, 222) define(IPA_API_VERSION_MINOR, 223)
>>>>>>> ipaconfig: add the ability to manipulate domain resolution order # Last change: Add domain resolution order to ID views
######################################################## ########################################################


@ -95,7 +95,8 @@ class idview(LDAPObject):
object_name = _('ID View') object_name = _('ID View')
object_name_plural = _('ID Views') object_name_plural = _('ID Views')
object_class = ['ipaIDView', 'top'] object_class = ['ipaIDView', 'top']
default_attributes = ['cn', 'description'] possible_objectclasses = ['ipaNameResolutionData']
default_attributes = ['cn', 'description', 'ipadomainresolutionorder']
rdn_is_primary_key = True rdn_is_primary_key = True
label = _('ID Views') label = _('ID Views')
@ -123,6 +124,14 @@ class idview(LDAPObject):
label=_('Hosts the view applies to'), label=_('Hosts the view applies to'),
flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'}, flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},
), ),
Str(
'ipadomainresolutionorder?',
cli_name='domain_resolution_order',
label=_('Domain resolution order'),
doc=_('colon-separated list of domains used for short name'
' qualification'),
flags={'no_search'}
)
) )
permission_filter_objectclasses = ['nsContainer'] permission_filter_objectclasses = ['nsContainer']
@ -131,17 +140,34 @@ class idview(LDAPObject):
'ipapermbindruletype': 'all', 'ipapermbindruletype': 'all',
'ipapermright': {'read', 'search', 'compare'}, 'ipapermright': {'read', 'search', 'compare'},
'ipapermdefaultattr': { 'ipapermdefaultattr': {
'cn', 'description', 'objectClass', 'cn', 'description', 'ipadomainresolutionorder', 'objectClass',
}, },
}, },
} }
def ensure_possible_objectclasses(self, ldap, dn, entry_attrs):
orig_entry_attrs = ldap.get_entry(dn, ['objectclass'])
orig_objectclasses = {
o.lower() for o in orig_entry_attrs.get('objectclass', [])}
entry_attrs['objectclass'] = orig_entry_attrs['objectclass']
for obj_class_name in self.possible_objectclasses:
if obj_class_name.lower() not in orig_objectclasses:
entry_attrs['objectclass'].append(obj_class_name)
@register() @register()
class idview_add(LDAPCreate): class idview_add(LDAPCreate):
__doc__ = _('Add a new ID View.') __doc__ = _('Add a new ID View.')
msg_summary = _('Added ID View "%(value)s"') msg_summary = _('Added ID View "%(value)s"')
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
self.api.Object.config.validate_domain_resolution_order(entry_attrs)
return dn
@register() @register()
class idview_del(LDAPDelete): class idview_del(LDAPDelete):
@ -166,6 +192,9 @@ class idview_mod(LDAPUpdate):
if key.lower() == DEFAULT_TRUST_VIEW_NAME: if key.lower() == DEFAULT_TRUST_VIEW_NAME:
raise protected_default_trust_view_error raise protected_default_trust_view_error
self.api.Object.config.validate_domain_resolution_order(entry_attrs)
self.obj.ensure_possible_objectclasses(ldap, dn, entry_attrs)
return dn return dn
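Review bot: The new call `self.obj.ensure_possible_objectclasses(ldap, dn, entry_attrs)` in `idview_mod`'s pre_callback runs on every modification, so each `idview-mod` puts `objectclass` into the update and appends `ipaNameResolutionData` even when `ipadomainresolutionorder` is not being changed. That costs an extra `get_entry` read and presumably makes the update depend on write access to `objectclass`, which a role delegated only `description` may not hold. Guarding the call with `if 'ipadomainresolutionorder' in entry_attrs:` would match the "on-demand" wording of the commit message. In the helper, `orig_entry_attrs['objectclass']` is indexed directly one line after `.get('objectclass', [])` allowed for the attribute being absent. `idview_add`'s pre_callback only validates and never adds the objectclass, so it is worth confirming that `idview-add` with `domain_resolution_order` set passes the schema check. The `idview_mod` pre_callback body starts outside the hunk.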