mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
Allow cospriority to be updated and fix description of priority ordering
Need to add a few more places where the DN will not be automatically normalized. The krb5 server expects a very specific format and normalizing causes it to not work.
@@ -26,6 +26,7 @@ from ipalib import api, crud, errors
|
|||||||
from ipalib import Command, Object
|
from ipalib import Command, Object
|
||||||
from ipalib import Int, Str
|
from ipalib import Int, Str
|
||||||
from ipalib import output
|
from ipalib import output
|
||||||
|
from ipalib import _, ngettext
|
||||||
from ldap.functions import explode_dn
|
from ldap.functions import explode_dn
|
||||||
|
|
||||||
_fields = {
|
_fields = {
|
||||||
@@ -55,6 +56,15 @@ def _convert_time_on_input(entry_attrs):
|
|||||||
if 'krbminpwdlife' in entry_attrs:
|
if 'krbminpwdlife' in entry_attrs:
|
||||||
entry_attrs['krbminpwdlife'] = entry_attrs['krbminpwdlife'] * 3600
|
entry_attrs['krbminpwdlife'] = entry_attrs['krbminpwdlife'] * 3600
|
||||||
|
|
||||||
|
def find_group_dn(group):
|
||||||
|
"""
|
||||||
|
Given a group name find the DN of that group
|
||||||
|
"""
|
||||||
|
try:
|
||||||
|
entry = api.Command['group_show'](group)['result']
|
||||||
|
except errors.NotFound:
|
||||||
|
raise errors.NotFound(reason="group '%s' does not exist" % group)
|
||||||
|
return entry['dn']
|
||||||
|
|
||||||
def make_cos_entry(group, cospriority=None):
|
def make_cos_entry(group, cospriority=None):
|
||||||
"""
|
"""
|
||||||
@@ -65,11 +75,7 @@ def make_cos_entry(group, cospriority=None):
|
|||||||
cos_entry = entry representing this new object
|
cos_entry = entry representing this new object
|
||||||
"""
|
"""
|
||||||
|
|
||||||
try:
|
groupdn = find_group_dn(group)
|
||||||
entry = api.Command['group_show'](group)['result']
|
|
||||||
except errors.NotFound:
|
|
||||||
raise errors.NotFound(reason="group '%s' does not exist" % group)
|
|
||||||
groupdn = entry['dn']
|
|
||||||
|
|
||||||
cos_entry = {}
|
cos_entry = {}
|
||||||
if cospriority:
|
if cospriority:
|
||||||
@@ -157,7 +163,7 @@ class pwpolicy_add(crud.Create):
|
|||||||
Int('cospriority',
|
Int('cospriority',
|
||||||
cli_name='priority',
|
cli_name='priority',
|
||||||
label='Priority',
|
label='Priority',
|
||||||
doc='Priority of the policy. Higher number equals higher priority',
|
doc='Priority of the policy. Higher number equals lower priority',
|
||||||
minvalue=0,
|
minvalue=0,
|
||||||
attribute=True,
|
attribute=True,
|
||||||
),
|
),
|
||||||
@@ -206,7 +212,7 @@ class pwpolicy_mod(crud.Update):
|
|||||||
),
|
),
|
||||||
Int('cospriority?',
|
Int('cospriority?',
|
||||||
cli_name='priority',
|
cli_name='priority',
|
||||||
doc='Priority of the policy. Higher number equals higher priority',
|
doc='Priority of the policy. Higher number equals lower priority',
|
||||||
minvalue=0,
|
minvalue=0,
|
||||||
attribute=True,
|
attribute=True,
|
||||||
),
|
),
|
||||||
@@ -221,9 +227,17 @@ class pwpolicy_mod(crud.Update):
|
|||||||
ldap = self.api.Backend.ldap2
|
ldap = self.api.Backend.ldap2
|
||||||
|
|
||||||
if not 'group' in options:
|
if not 'group' in options:
|
||||||
|
if 'cospriority' in options:
|
||||||
|
raise errors.ValidationError(name='priority', error=_('priority cannot be set on global policy'))
|
||||||
dn = self.api.env.container_accounts
|
dn = self.api.env.container_accounts
|
||||||
entry_attrs = self.args_options_2_entry(*args, **options)
|
entry_attrs = self.args_options_2_entry(*args, **options)
|
||||||
else:
|
else:
|
||||||
|
if 'cospriority' in options:
|
||||||
|
groupdn = find_group_dn(options['group'])
|
||||||
|
cos_dn = 'cn="%s", cn=cosTemplates, cn=accounts, %s' % (groupdn, api.env.basedn)
|
||||||
|
self.log.debug('%s' % cos_dn)
|
||||||
|
ldap.update_entry(cos_dn, dict(cospriority = options['cospriority']), normalize=False)
|
||||||
|
del options['cospriority']
|
||||||
entry_attrs = self.args_options_2_entry(*args, **options)
|
entry_attrs = self.args_options_2_entry(*args, **options)
|
||||||
(dn, entry_attrs) = make_policy_entry(options['group'], entry_attrs)
|
(dn, entry_attrs) = make_policy_entry(options['group'], entry_attrs)
|
||||||
_convert_time_on_input(entry_attrs)
|
_convert_time_on_input(entry_attrs)
|
||||||
@@ -319,6 +333,12 @@ class pwpolicy_show(Command):
|
|||||||
(dn, policy_entry) = make_policy_entry(options['group'], policy_entry)
|
(dn, policy_entry) = make_policy_entry(options['group'], policy_entry)
|
||||||
(dn, entry_attrs) = ldap.get_entry(dn)
|
(dn, entry_attrs) = ldap.get_entry(dn)
|
||||||
|
|
||||||
|
if 'group' in options:
|
||||||
|
groupdn = find_group_dn(options['group'])
|
||||||
|
cos_dn = 'cn="%s", cn=cosTemplates, cn=accounts, %s' % (groupdn, api.env.basedn)
|
||||||
|
(dn, cos_attrs) = ldap.get_entry(cos_dn, normalize=False)
|
||||||
|
entry_attrs['priority'] = cos_attrs['cospriority']
|
||||||
|
|
||||||
if 'user' in options:
|
if 'user' in options:
|
||||||
if group:
|
if group:
|
||||||
entry_attrs['group'] = group
|
entry_attrs['group'] = group
|
||||||
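Review bot: `cos_dn` is assembled by string formatting in both pwpolicy_mod and pwpolicy_show, with `groupdn` placed inside a quoted RDN value and the result passed with `normalize=False`, so a `"` or `\` in the group DN would yield a malformed or differently parsed DN that no later step checks. The value comes from `group_show` rather than straight from the caller, which limits the exposure, but the format belongs in one documented helper, for example `def make_cos_dn(groupdn): return 'cn="%s", cn=cosTemplates, cn=accounts, %s' % (groupdn, api.env.basedn)`, with a check that rejects those two characters. In pwpolicy_mod the template entry is also written before the policy entry is updated, and the rest of that method lies outside the hunk; if the later update fails (a request that changes only the priority looks likely to end in EmptyModlist), the priority has already changed while the command reports an error. `self.log.debug('%s' % cos_dn)` can simply be `self.log.debug(cos_dn)`.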
|
|||||||
@@ -421,7 +421,8 @@ class ldap2(CrudBackend, Encoder):
|
|||||||
@encode_args(1, 2, 3)
|
@encode_args(1, 2, 3)
|
||||||
@decode_retval()
|
@decode_retval()
|
||||||
def find_entries(self, filter, attrs_list=None, base_dn='',
|
def find_entries(self, filter, attrs_list=None, base_dn='',
|
||||||
scope=_ldap.SCOPE_SUBTREE, time_limit=1, size_limit=3000):
|
scope=_ldap.SCOPE_SUBTREE, time_limit=1, size_limit=3000,
|
||||||
|
normalize=True):
|
||||||
"""
|
"""
|
||||||
Return a list of entries [(dn, entry_attrs)] matching specified
|
Return a list of entries [(dn, entry_attrs)] matching specified
|
||||||
search parameters followed by truncated flag. If the truncated flag is
|
search parameters followed by truncated flag. If the truncated flag is
|
||||||
@@ -433,8 +434,10 @@ class ldap2(CrudBackend, Encoder):
|
|||||||
scope -- search scope, see LDAP docs (default ldap2.SCOPE_SUBTREE)
|
scope -- search scope, see LDAP docs (default ldap2.SCOPE_SUBTREE)
|
||||||
time_limit -- time limit in seconds (default 1)
|
time_limit -- time limit in seconds (default 1)
|
||||||
size_limit -- size (number of entries returned) limit (default 3000)
|
size_limit -- size (number of entries returned) limit (default 3000)
|
||||||
|
normalize -- normalize the DN (default True)
|
||||||
"""
|
"""
|
||||||
base_dn = self.normalize_dn(base_dn)
|
if normalize:
|
||||||
|
base_dn = self.normalize_dn(base_dn)
|
||||||
if not filter:
|
if not filter:
|
||||||
filter = '(objectClass=*)'
|
filter = '(objectClass=*)'
|
||||||
res = []
|
res = []
|
||||||
@@ -475,14 +478,14 @@ class ldap2(CrudBackend, Encoder):
|
|||||||
filter = self.make_filter(search_kw, rules=self.MATCH_ALL)
|
filter = self.make_filter(search_kw, rules=self.MATCH_ALL)
|
||||||
return self.find_entries(filter, attrs_list, base_dn)[0][0]
|
return self.find_entries(filter, attrs_list, base_dn)[0][0]
|
||||||
|
|
||||||
def get_entry(self, dn, attrs_list=None):
|
def get_entry(self, dn, attrs_list=None, normalize=True):
|
||||||
"""
|
"""
|
||||||
Get entry (dn, entry_attrs) by dn.
|
Get entry (dn, entry_attrs) by dn.
|
||||||
|
|
||||||
Keyword arguments:
|
Keyword arguments:
|
||||||
attrs_list - list of attributes to return, all if None (default None)
|
attrs_list - list of attributes to return, all if None (default None)
|
||||||
"""
|
"""
|
||||||
return self.find_entries(None, attrs_list, dn, self.SCOPE_BASE)[0][0]
|
return self.find_entries(None, attrs_list, dn, self.SCOPE_BASE, normalize=normalize)[0][0]
|
||||||
|
|
||||||
def get_ipa_config(self):
|
def get_ipa_config(self):
|
||||||
"""Returns the IPA configuration entry (dn, entry_attrs)."""
|
"""Returns the IPA configuration entry (dn, entry_attrs)."""
|
||||||
@@ -572,9 +575,9 @@ class ldap2(CrudBackend, Encoder):
|
|||||||
except _ldap.LDAPError, e:
|
except _ldap.LDAPError, e:
|
||||||
_handle_errors(e, **{})
|
_handle_errors(e, **{})
|
||||||
|
|
||||||
def _generate_modlist(self, dn, entry_attrs):
|
def _generate_modlist(self, dn, entry_attrs, normalize):
|
||||||
# get original entry
|
# get original entry
|
||||||
(dn, entry_attrs_old) = self.get_entry(dn, entry_attrs.keys())
|
(dn, entry_attrs_old) = self.get_entry(dn, entry_attrs.keys(), normalize)
|
||||||
# get_entry returns a decoded entry, encode it back
|
# get_entry returns a decoded entry, encode it back
|
||||||
# we could call search_s directly, but this saves a lot of code at
|
# we could call search_s directly, but this saves a lot of code at
|
||||||
# the expense of a little bit of performace
|
# the expense of a little bit of performace
|
||||||
@@ -618,16 +621,17 @@ class ldap2(CrudBackend, Encoder):
|
|||||||
return modlist
|
return modlist
|
||||||
|
|
||||||
@encode_args(1, 2)
|
@encode_args(1, 2)
|
||||||
def update_entry(self, dn, entry_attrs):
|
def update_entry(self, dn, entry_attrs, normalize=True):
|
||||||
"""
|
"""
|
||||||
Update entry's attributes.
|
Update entry's attributes.
|
||||||
|
|
||||||
An attribute value set to None deletes all current values.
|
An attribute value set to None deletes all current values.
|
||||||
"""
|
"""
|
||||||
dn = self.normalize_dn(dn)
|
if normalize:
|
||||||
|
dn = self.normalize_dn(dn)
|
||||||
|
|
||||||
# generate modlist
|
# generate modlist
|
||||||
modlist = self._generate_modlist(dn, entry_attrs)
|
modlist = self._generate_modlist(dn, entry_attrs, normalize)
|
||||||
if not modlist:
|
if not modlist:
|
||||||
raise errors.EmptyModlist()
|
raise errors.EmptyModlist()
|
||||||
|
|
||||||
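Review bot: `_generate_modlist` gains `normalize` as a required positional parameter, so any caller other than update_entry (none is visible in these hunks) would now fail with a TypeError. `def _generate_modlist(self, dn, entry_attrs, normalize=True):` keeps it compatible, and `self.get_entry(dn, entry_attrs.keys(), normalize=normalize)` reads more clearly than the positional form. The docstrings of get_entry and update_entry should get the same `normalize -- normalize the DN (default True)` line that find_entries received, plus a sentence saying that with `normalize=False` the DN is used without normalization and the caller is responsible for it being well-formed. The bodies of find_entries and update_entry continue outside the hunks.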
|
|||||||