mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
Add new command compat-is-enabled
Add a new API command 'compat-is-enabled' which can be used to determine whether Schema Compatibility plugin is configured to serve trusted domain users and groups. The new command is not visible in IPA CLI. https://fedorahosted.org/freeipa/ticket/3671 https://fedorahosted.org/freeipa/ticket/3672
This commit is contained in:
parent
efe5a96725
commit
6e28e709ed
4
API.txt
4
API.txt
@ -490,6 +490,10 @@ args: 1,1,1
|
||||
arg: Str('request_id')
|
||||
option: Str('version?', exclude='webui')
|
||||
output: Output('result', None, None)
|
||||
command: compat_is_enabled
|
||||
args: 0,1,1
|
||||
option: Str('version?', exclude='webui')
|
||||
output: Output('result', None, None)
|
||||
command: config_mod
|
||||
args: 0,24,3
|
||||
option: Str('addattr*', cli_name='addattr', exclude='webui')
|
||||
|
2
VERSION
2
VERSION
@ -89,4 +89,4 @@ IPA_DATA_VERSION=20100614120000
|
||||
# #
|
||||
########################################################
|
||||
IPA_API_VERSION_MAJOR=2
|
||||
IPA_API_VERSION_MINOR=63
|
||||
IPA_API_VERSION_MINOR=64
|
||||
|
@ -990,3 +990,47 @@ class adtrust_is_enabled(Command):
|
||||
return dict(result=True)
|
||||
|
||||
api.register(adtrust_is_enabled)
|
||||
|
||||
|
||||
class compat_is_enabled(Command):
|
||||
NO_CLI = True
|
||||
|
||||
__doc__ = _('Determine whether Schema Compatibility plugin is configured '
|
||||
'to serve trusted domain users and groups')
|
||||
|
||||
def execute(self, *keys, **options):
|
||||
ldap = self.api.Backend.ldap2
|
||||
users_dn = DN(
|
||||
('cn', 'users'),
|
||||
('cn', 'Schema Compatibility'),
|
||||
('cn', 'plugins'),
|
||||
('cn', 'config')
|
||||
)
|
||||
groups_dn = DN(
|
||||
('cn', 'groups'),
|
||||
('cn', 'Schema Compatibility'),
|
||||
('cn', 'plugins'),
|
||||
('cn', 'config')
|
||||
)
|
||||
|
||||
try:
|
||||
users_entry = ldap.get_entry(users_dn)
|
||||
except errors.NotFound:
|
||||
return dict(result=False)
|
||||
|
||||
attr = users_entry.get('schema-compat-lookup-nsswitch')
|
||||
if not attr or 'user' not in attr:
|
||||
return dict(result=False)
|
||||
|
||||
try:
|
||||
groups_entry = ldap.get_entry(groups_dn)
|
||||
except errors.NotFound:
|
||||
return dict(result=False)
|
||||
|
||||
attr = groups_entry.get('schema-compat-lookup-nsswitch')
|
||||
if not attr or 'group' not in attr:
|
||||
return dict(result=False)
|
||||
|
||||
return dict(result=True)
|
||||
|
||||
api.register(compat_is_enabled)
|
||||
|
Loading…
Reference in New Issue
Block a user