IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

user-enable/disable improvements

Browse Source 
Always display the account enable/disable status.

Don't ignore the exceptions when a user is already enabled or disabled.

Fix the exception error messages to use the right terminology.

In baseldap when retrieving all attributes include the default attributes
in case they include some operational attributes.

ticket 392
This commit is contained in:
Rob Crittenden 2010-11-03 15:31:46 -04:00 committed by Adam Young
parent 72cf73b6b6
commit 6f5cd3232a
4 changed files with 45 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ipalib/errors.py
View File

@ -913,12 +913,12 @@ class AlreadyActive(ExecutionError):
>>> raise AlreadyActive()
Traceback (most recent call last):
...
AlreadyActive: This entry is already unlocked
AlreadyActive: This entry is already enabled
"""
errno = 4009
format = _('This entry is already unlocked')
format = _('This entry is already enabled')
class AlreadyInactive(ExecutionError):
"""
@ -929,12 +929,12 @@ class AlreadyInactive(ExecutionError):
>>> raise AlreadyInactive()
Traceback (most recent call last):
...
AlreadyInactive: This entry is already locked
AlreadyInactive: This entry is already disabled
"""
errno = 4010
format = _('This entry is already locked')
format = _('This entry is already disabled')
class HasNSAccountLock(ExecutionError):
"""
@ -945,12 +945,12 @@ class HasNSAccountLock(ExecutionError):
>>> raise HasNSAccountLock()
Traceback (most recent call last):
...
HasNSAccountLock: This entry has nsAccountLock set, it cannot be locked or unlocked
HasNSAccountLock: This entry cannot be enableed or disabled
"""
errno = 4011
format = _('This entry has nsAccountLock set, it cannot be locked or unlocked')
format = _('This entry cannot be enabled or disabled')
class NotGroupMember(ExecutionError):
"""

12
ipalib/plugins/baseldap.py
View File

@ -400,7 +400,7 @@ class LDAPCreate(CallbackInterface, crud.Create):
)
if options.get('all', False):
attrs_list = ['*']
attrs_list = ['*'] + self.obj.default_attributes
else:
attrs_list = list(
set(self.obj.default_attributes + entry_attrs.keys())
@ -538,7 +538,7 @@ class LDAPRetrieve(LDAPQuery):
dn = self.obj.get_dn(*keys, **options)
if options.get('all', False):
attrs_list = ['*']
attrs_list = ['*'] + self.obj.default_attributes
else:
attrs_list = list(self.obj.default_attributes)
@ -643,7 +643,7 @@ class LDAPUpdate(LDAPQuery, crud.Update):
entry_attrs[a] += old_entry[a]
if options.get('all', False):
attrs_list = ['*']
attrs_list = ['*'] + self.obj.default_attributes
else:
attrs_list = list(
set(self.obj.default_attributes + entry_attrs.keys())
@ -903,7 +903,7 @@ class LDAPAddMember(LDAPModMember):
completed += 1
if options.get('all', False):
attrs_list = ['*']
attrs_list = ['*'] + self.obj.default_attributes
else:
attrs_list = list(
set(self.obj.default_attributes + member_dns.keys())
@ -1005,7 +1005,7 @@ class LDAPRemoveMember(LDAPModMember):
completed += 1
if options.get('all', False):
attrs_list = ['*']
attrs_list = ['*'] + self.obj.default_attributes
else:
attrs_list = list(
set(self.obj.default_attributes + member_dns.keys())
@ -1100,7 +1100,7 @@ class LDAPSearch(CallbackInterface, crud.Search):
search_kw = self.args_options_2_entry(**options)
if options.get('all', False):
attrs_list = ['*']
attrs_list = ['*'] + self.obj.default_attributes
else:
attrs_list = list(
set(self.obj.default_attributes + search_kw.keys())

33
ipalib/plugins/user.py
View File

@ -48,7 +48,7 @@ EXAMPLES:
"""
from ipalib import api, errors
from ipalib import Flag, Int, Password, Str
from ipalib import Flag, Int, Password, Str, Bool
from ipalib.plugins.baseldap import *
from ipalib import _, ngettext
from ipalib.request import context
@ -66,7 +66,7 @@ class user(LDAPObject):
search_attributes_config = 'ipausersearchfields'
default_attributes = [
'uid', 'givenname', 'sn', 'homedirectory', 'loginshell', 'ou',
'telephonenumber', 'title', 'memberof',
'telephonenumber', 'title', 'memberof', 'nsaccountlock',
]
uuid_attribute = 'ipauniqueid'
attribute_members = {
@ -149,6 +149,10 @@ class user(LDAPObject):
Str('facsimiletelephonenumber*',
cli_name='fax',
label=_('Fax Number') ),
Bool('nsaccountlock?',
label=_('Account disabled'),
flags=['no_create', 'no_update', 'no_search'],
),
)
api.register(user)
@ -228,6 +232,11 @@ class user_mod(LDAPUpdate):
msg_summary = _('Modified user "%(value)s"')
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
if not 'nsaccountlock' in entry_attrs:
entry_attrs['nsaccountlock'] = [u'False']
return dn
api.register(user_mod)
@ -248,6 +257,12 @@ class user_find(LDAPSearch):
getattr(context, 'principal')
return filter
def post_callback(self, ldap, entries, truncated, *args, **options):
for entry in entries:
(dn, attrs) = entry
if not 'nsaccountlock' in attrs:
attrs['nsaccountlock'] = [u'False']
msg_summary = ngettext(
'%(count)d user matched', '%(count)d users matched', 0
)
@ -259,6 +274,10 @@ class user_show(LDAPRetrieve):
"""
Display information about a user.
"""
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
if not 'nsaccountlock' in entry_attrs:
entry_attrs['nsaccountlock'] = [u'False']
return dn
api.register(user_show)
@ -276,10 +295,7 @@ class user_disable(LDAPQuery):
dn = self.obj.get_dn(*keys, **options)
try:
ldap.deactivate_entry(dn)
except errors.AlreadyInactive:
pass
ldap.deactivate_entry(dn)
return dict(
result=True,
@ -302,10 +318,7 @@ class user_enable(LDAPQuery):
dn = self.obj.get_dn(*keys, **options)
try:
ldap.activate_entry(dn)
except errors.AlreadyActive:
pass
ldap.activate_entry(dn)
return dict(
result=True,

10
tests/test_xmlrpc/test_user_plugin.py
View File

@ -121,6 +121,7 @@ class test_user(Declarative):
sn=[u'User1'],
uid=[user1],
memberof_group=[u'ipausers'],
nsaccountlock=[u'False'],
),
value=user1,
summary=None,
@ -152,6 +153,7 @@ class test_user(Declarative):
'ipauniqueid': [fuzzy_uuid],
'mepmanagedentry': [u'cn=%s,cn=groups,cn=accounts,%s' % (user1, api.env.basedn)],
'krbpwdpolicyreference': [u'cn=global_policy,cn=%s,cn=kerberos,%s' % (api.env.realm, api.env.basedn)],
'nsaccountlock': [u'False'],
},
],
summary=u'1 user matched',
@ -175,6 +177,7 @@ class test_user(Declarative):
sn=[u'User1'],
uid=[user1],
memberof_group=[u'ipausers'],
nsaccountlock=[u'False'],
),
],
summary=u'1 user matched',
@ -200,6 +203,7 @@ class test_user(Declarative):
memberof_group=[u'admins'],
memberof_rolegroup=[u'hostadmin', u'replicaadmin'],
memberof_taskgroup=[u'addhosts', u'removehosts', u'modifyhosts', u'manage_host_keytab', u'enroll_host', u'managereplica', u'deletereplica'],
nsaccountlock=[u'False'],
),
dict(
dn=u'uid=tuser1,cn=users,cn=accounts,' + api.env.basedn,
@ -209,6 +213,7 @@ class test_user(Declarative):
sn=[u'User1'],
uid=[user1],
memberof_group=[u'ipausers'],
nsaccountlock=[u'False'],
),
],
summary=u'2 users matched',
@ -234,6 +239,7 @@ class test_user(Declarative):
memberof_group=[u'admins'],
memberof_rolegroup=[u'hostadmin', u'replicaadmin'],
memberof_taskgroup=[u'addhosts', u'removehosts', u'modifyhosts', u'manage_host_keytab', u'enroll_host', u'managereplica', u'deletereplica'],
nsaccountlock=[u'False'],
),
],
summary=u'1 user matched',
@ -282,6 +288,7 @@ class test_user(Declarative):
sn=[u'User1'],
uid=[user1],
memberof_group=[u'ipausers'],
nsaccountlock=[u'False'],
),
summary=u'Modified user "tuser1"',
value=user1,
@ -301,6 +308,7 @@ class test_user(Declarative):
sn=[u'User1'],
uid=[user1],
memberof_group=[u'ipausers'],
nsaccountlock=[u'False'],
),
summary=None,
value=user1,
@ -320,6 +328,7 @@ class test_user(Declarative):
sn=[u'User1'],
uid=[renameduser1],
memberof_group=[u'ipausers'],
nsaccountlock=[u'False'],
),
summary=u'Modified user "%s"' % user1,
value=user1,
@ -345,6 +354,7 @@ class test_user(Declarative):
sn=[u'User1'],
uid=[user1],
memberof_group=[u'ipausers'],
nsaccountlock=[u'False'],
),
summary=u'Modified user "%s"' % renameduser1,
value=renameduser1,