Provide list of available attributes for use in ACI UI.

Also include flag indicating whether the object is bindable. This will be used to determine if the object can have a selfservice ACI. ticket 446
2025-02-25 18:55:28 -06:00 · 2010-12-02 11:05:54 -05:00
parent 867ac1f03d
commit 8a63315ef3
6 changed files with 26 additions and 3 deletions
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -218,7 +218,6 @@ ipaUserObjectClasses: inetuser
 ipaUserObjectClasses: posixaccount
 ipaUserObjectClasses: krbprincipalaux
 ipaUserObjectClasses: krbticketpolicyaux
-ipaUserObjectClasses: radiusprofile
 ipaUserObjectClasses: ipaobject
 ipaDefaultEmailDomain: $DOMAIN
 ipaMigrationEnabled: FALSE
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -197,6 +197,8 @@ class LDAPObject(Object):
    uuid_attribute = ''
    attribute_members = {}
    rdnattr = None
+    # Can bind as this entry (has userPassword or krbPrincipalKey)
+    bindable = False

    container_not_found_msg = _('container entry (%(container)s) not found')
    parent_not_found_msg = _('%(parent)s: %(oname)s not found')
@@ -293,14 +295,33 @@ class LDAPObject(Object):
        'parent_object', 'container_dn', 'object_name', 'object_name_plural',
        'object_class', 'object_class_config', 'default_attributes', 'label',
        'hidden_attributes', 'uuid_attribute', 'attribute_members', 'name',
-        'takes_params', 'rdn_attribute',
+        'takes_params', 'rdn_attribute', 'bindable',
    )
+
    def __json__(self):
+        ldap = self.backend
        json_dict = dict(
            (a, getattr(self, a)) for a in self.json_friendly_attributes
        )
        if self.primary_key:
            json_dict['primary_key'] = self.primary_key.name
+        objectclasses = self.object_class
+        if self.object_class_config:
+            config = ldap.get_ipa_config()[1]
+            objectclasses = config.get(
+                self.object_class_config, objectclasses
+            )
+        # Get list of available attributes for this object for use
+        # in the ACI UI.
+        attrs = self.api.Backend.ldap2.schema.attribute_types(objectclasses)
+        attrlist = []
+        # Go through the MUST first
+        for (oid, attr) in attrs[0].iteritems():
+            attrlist.append(attr.names[0])
+        # And now the MAY
+        for (oid, attr) in attrs[1].iteritems():
+            attrlist.append(attr.names[0])
+        json_dict['aciattrs'] = attrlist
        json_dict['methods'] = [m for m in self.methods]
        return json_dict

--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -165,6 +165,7 @@ class host(LDAPObject):
        'memberof': ['hostgroup', 'netgroup', 'role'],
        'managedby': ['host'],
    }
+    bindable = True

    label = _('Hosts')

--- a/ipalib/plugins/internal.py
+++ b/ipalib/plugins/internal.py
@@ -56,7 +56,7 @@ class json_metadata(Command):
                    ((objname, json_serialize(self.api.Object[objname])), )
                )
            )
-            retval= dict([("metadata",meta), ("messages",dict())])
+            retval= dict([("metadata",meta)])

        else:
            meta=dict(
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -237,6 +237,7 @@ class service(LDAPObject):
    attribute_members = {
        'managedby': ['host'],
    }
+    bindable = True

    label = _('Services')

--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -73,6 +73,7 @@ class user(LDAPObject):
        'memberof': ['group', 'netgroup', 'role'],
    }
    rdnattr = 'uid'
+    bindable = True

    label = _('Users')