Utilize user and group objectclass lists in cn=ipaconfig

Change the syntax on user and group objectclasses in cn=ipaconfig
2025-02-25 18:55:28 -06:00 · 2007-12-06 00:30:26 -05:00 · 2007-12-06 00:30:26 -05:00 · 6ea3d9610e
commit 6ea3d9610e
parent ca118de76c
3 changed files with 36 additions and 6 deletions
--- a/ipa-server/ipa-install/share/60ipaconfig.ldif
+++ b/ipa-server/ipa-install/share/60ipaconfig.ldif
@ -30,9 +30,9 @@ attributetypes: ( 2.16.840.1.113730.3.8.1.9 NAME 'ipaMaxUsernameLength' EQUALITY
 ## ipaPwdExpAdvNotify - time in days to send out paswword expiration notification before passwpord actually expires
 attributetypes: ( 2.16.840.1.113730.3.8.1.10 NAME 'ipaPwdExpAdvNotify' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
 # ipaUserObjectClasses - required objectclasses for users
-attributetypes: ( 2.16.840.1.113730.3.8.1.11 NAME 'ipaUserObjectClasses' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27)
+attributetypes: ( 2.16.840.1.113730.3.8.1.11 NAME 'ipaUserObjectClasses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
 # ipaGroupObjectClasses - required objectclasses for groups
-attributetypes: ( 2.16.840.1.113730.3.8.1.12 NAME 'ipaGroupObjectClasses' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27)
+attributetypes: ( 2.16.840.1.113730.3.8.1.12 NAME 'ipaGroupObjectClasses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
 ###############################################
 ##
 ## ObjectClasses
--- a/ipa-server/ipa-install/share/bootstrap-template.ldif
+++ b/ipa-server/ipa-install/share/bootstrap-template.ldif
@ -123,6 +123,18 @@ ipaDefaultLoginShell: /bin/sh
 ipaDefaultPrimaryGroup: ipausers
 ipaMaxUsernameLength: 8
 ipaPwdExpAdvNotify: 4
 ipaGroupObjectClasses: top
 ipaGroupObjectClasses: groupofnames
 ipaGroupObjectClasses: posixGroup
 ipaGroupObjectClasses: inetUser
 ipaUserObjectClasses: top
 ipaUserObjectClasses: person
 ipaUserObjectClasses: organizationalPerson
 ipaUserObjectClasses: inetOrgPerson
 ipaUserObjectClasses: inetUser
 ipaUserObjectClasses: posixAccount
 ipaUserObjectClasses: krbPrincipalAux
 ipaUserObjectClasses: radiusprofile
 dn: cn=account inactivation,cn=accounts,$SUFFIX
 changetype: add
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@ -506,8 +506,7 @@ class IPAServer:
            del user['gn']
        # some required objectclasses
-        entry.setValues('objectClass', 'top', 'person', 'organizationalPerson',
+        entry.setValues('objectClass', (config.get('ipauserobjectclasses')))
                'inetOrgPerson', 'inetUser', 'posixAccount', 'krbPrincipalAux', 'radiusprofile')
        # fill in our new entry with everything sent by the user
        for u in user:
@ -719,6 +718,12 @@ class IPAServer:
            finally:
                self.releaseConnection(conn)
        # Get our configuration
        config = self.get_ipa_config(opts)
        # Make sure we have the latest object classes
        newentry['objectclass'] = uniq_list(newentry.get('objectclass') + config.get('ipauserobjectclasses'))
        try:
           rv = self.update_entry(oldentry, newentry, opts)
           return rv
@ -878,13 +883,15 @@ class IPAServer:
        if self.__is_group_unique(group['cn'], opts) == 0:
            raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE)
        # Get our configuration
        config = self.get_ipa_config(opts)
        dn="cn=%s,%s,%s" % (ldap.dn.escape_dn_chars(group['cn']),
                            group_container,self.basedn)
        entry = ipaserver.ipaldap.Entry(dn)
        # some required objectclasses
-        entry.setValues('objectClass', 'top', 'groupofnames', 'posixGroup',
+        entry.setValues('objectClass', (config.get('ipagroupobjectclasses')))
                        'inetUser')
        # No need to explicitly set gidNumber. The dna_plugin will do this
        # for us if the value isn't provided by the user.
@ -1226,6 +1233,12 @@ class IPAServer:
            finally:
                self.releaseConnection(conn)
        # Get our configuration
        config = self.get_ipa_config(opts)
        # Make sure we have the latest object classes
        newentry['objectclass'] = uniq_list(newentry.get('objectclass') + config.get('ipauserobjectclasses'))
        try:
           rv = self.update_entry(oldentry, newentry, opts)
           return rv
@ -1590,3 +1603,8 @@ def ldap_search_escape(match):
        return r'\00'
    else:
        return value
 def uniq_list(x):
    """Return a unique list, preserving order and ignoring case"""
    set = {}
    return [set.setdefault(e,e) for e in x if e.lower() not in set]