new commands to manage user/host/service certificates

A new group of commands is introduced that simplifies adding binary
certificates to entries and removing them. The general form of the command is:

ipa [user/host/service]-[add/remove]-cert [pkey] --certificate=[BASE64 BLOB]

Part of http://www.freeipa.org/page/V4/User_Certificates and
https://fedorahosted.org/freeipa/ticket/4238

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Martin Babinsky
2015-06-23 13:42:01 +02:00
committed by Jan Cholasta
parent 53b11b6117
commit 76eea85701
5 changed files with 166 additions and 4 deletions


@@ -1001,3 +1001,55 @@ class user_status(LDAPQuery):
summary=unicode(_('Account disabled: %(disabled)s' %
dict(disabled=disabled))),
)
@register()
class user_add_cert(LDAPAddAttribute):
__doc__ = _('Add one or more certificates to the user entry')
msg_summary = _('Added certificates to user "%(value)s"')
attribute = 'usercertificate'
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys,
**options):
assert isinstance(dn, DN)
new_attr_name = '%s;binary' % self.attribute
if self.attribute in entry_attrs:
entry_attrs[new_attr_name] = entry_attrs.pop(self.attribute)
return dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
assert isinstance(dn, DN)
old_attr_name = '%s;binary' % self.attribute
if old_attr_name in entry_attrs:
entry_attrs[self.attribute] = entry_attrs.pop(old_attr_name)
return dn
@register()
class user_remove_cert(LDAPRemoveAttribute):
__doc__ = _('Remove one or more certificates to the user entry')
msg_summary = _('Removed certificates from user "%(value)s"')
attribute = 'usercertificate'
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys,
**options):
assert isinstance(dn, DN)
new_attr_name = '%s;binary' % self.attribute
if self.attribute in entry_attrs:
entry_attrs[new_attr_name] = entry_attrs.pop(self.attribute)
return dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
assert isinstance(dn, DN)
old_attr_name = '%s;binary' % self.attribute
if old_attr_name in entry_attrs:
entry_attrs[self.attribute] = entry_attrs.pop(old_attr_name)
return dn
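Review bot: Neither `pre_callback` checks that the submitted value parses as an X.509 certificate; each only moves it from `usercertificate` to `usercertificate;binary`. Unless the parameter definition or `LDAPAddAttribute` (both outside this hunk) validates it, arbitrary bytes can be stored in an attribute that certificate-based login may later rely on. It is also worth confirming that the write is gated by a dedicated permission, because a certificate attached to another user's entry could, where certificate login is configured, let the holder of the matching key authenticate as that user. Separately, the help text of `user_remove_cert` should read `__doc__ = _('Remove one or more certificates from the user entry')`. The `pre_callback`/`post_callback` pair is identical in both classes and could be defined once in a shared mixin or in the base classes.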