Utilize user and group objectclass lists in cn=ipaconfig

Change the syntax on user and group objectclasses in cn=ipaconfig
2025-02-16 18:35:01 -06:00 · 2007-12-06 00:30:26 -05:00 · 2007-12-06 00:30:26 -05:00 · 6ea3d9610e
commit 6ea3d9610e
parent ca118de76c
3 changed files with 36 additions and 6 deletions
--- a/ipa-server/ipa-install/share/60ipaconfig.ldif
+++ b/ipa-server/ipa-install/share/60ipaconfig.ldif
@ -30,9 +30,9 @@ attributetypes: ( 2.16.840.1.113730.3.8.1.9 NAME 'ipaMaxUsernameLength' EQUALITY
 ## ipaPwdExpAdvNotify - time in days to send out paswword expiration notification before passwpord actually expires
 attributetypes: ( 2.16.840.1.113730.3.8.1.10 NAME 'ipaPwdExpAdvNotify' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
 # ipaUserObjectClasses - required objectclasses for users
-attributetypes: ( 2.16.840.1.113730.3.8.1.11 NAME 'ipaUserObjectClasses' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27)
+attributetypes: ( 2.16.840.1.113730.3.8.1.11 NAME 'ipaUserObjectClasses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
 # ipaGroupObjectClasses - required objectclasses for groups
-attributetypes: ( 2.16.840.1.113730.3.8.1.12 NAME 'ipaGroupObjectClasses' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27)
+attributetypes: ( 2.16.840.1.113730.3.8.1.12 NAME 'ipaGroupObjectClasses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
 ###############################################
 ##
 ## ObjectClasses
--- a/ipa-server/ipa-install/share/bootstrap-template.ldif
+++ b/ipa-server/ipa-install/share/bootstrap-template.ldif
@ -123,6 +123,18 @@ ipaDefaultLoginShell: /bin/sh
 ipaDefaultPrimaryGroup: ipausers
 ipaMaxUsernameLength: 8
 ipaPwdExpAdvNotify: 4
+ipaGroupObjectClasses: top
+ipaGroupObjectClasses: groupofnames
+ipaGroupObjectClasses: posixGroup
+ipaGroupObjectClasses: inetUser
+ipaUserObjectClasses: top
+ipaUserObjectClasses: person
+ipaUserObjectClasses: organizationalPerson
+ipaUserObjectClasses: inetOrgPerson
+ipaUserObjectClasses: inetUser
+ipaUserObjectClasses: posixAccount
+ipaUserObjectClasses: krbPrincipalAux
+ipaUserObjectClasses: radiusprofile

 dn: cn=account inactivation,cn=accounts,$SUFFIX
 changetype: add
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@ -506,8 +506,7 @@ class IPAServer:
            del user['gn']

        # some required objectclasses
-        entry.setValues('objectClass', 'top', 'person', 'organizationalPerson',
-                'inetOrgPerson', 'inetUser', 'posixAccount', 'krbPrincipalAux', 'radiusprofile')
+        entry.setValues('objectClass', (config.get('ipauserobjectclasses')))

        # fill in our new entry with everything sent by the user
        for u in user:
@ -719,6 +718,12 @@ class IPAServer:
            finally:
                self.releaseConnection(conn)

+        # Get our configuration
+        config = self.get_ipa_config(opts)
+
+        # Make sure we have the latest object classes
+        newentry['objectclass'] = uniq_list(newentry.get('objectclass') + config.get('ipauserobjectclasses'))
+        
        try:
           rv = self.update_entry(oldentry, newentry, opts)
           return rv
@ -878,13 +883,15 @@ class IPAServer:
        if self.__is_group_unique(group['cn'], opts) == 0:
            raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE)

+        # Get our configuration
+        config = self.get_ipa_config(opts)
+
        dn="cn=%s,%s,%s" % (ldap.dn.escape_dn_chars(group['cn']),
                            group_container,self.basedn)
        entry = ipaserver.ipaldap.Entry(dn)

        # some required objectclasses
-        entry.setValues('objectClass', 'top', 'groupofnames', 'posixGroup',
-                        'inetUser')
+        entry.setValues('objectClass', (config.get('ipagroupobjectclasses')))

        # No need to explicitly set gidNumber. The dna_plugin will do this
        # for us if the value isn't provided by the user.
@ -1226,6 +1233,12 @@ class IPAServer:
            finally:
                self.releaseConnection(conn)

+        # Get our configuration
+        config = self.get_ipa_config(opts)
+
+        # Make sure we have the latest object classes
+        newentry['objectclass'] = uniq_list(newentry.get('objectclass') + config.get('ipauserobjectclasses'))
+
        try:
           rv = self.update_entry(oldentry, newentry, opts)
           return rv
@ -1590,3 +1603,8 @@ def ldap_search_escape(match):
        return r'\00'
    else:
        return value
+
+def uniq_list(x):
+    """Return a unique list, preserving order and ignoring case"""
+    set = {}
+    return [set.setdefault(e,e) for e in x if e.lower() not in set]