mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
Populate nshardwareplatform and nsosversion during join operation
Fixes: https://pagure.io/freeipa/issue/8370 Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
parent
67d4517f73
commit
8f640f8672
2
ACI.txt
2
ACI.txt
@ -141,7 +141,7 @@ aci: (targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System
|
|||||||
dn: cn=computers,cn=accounts,dc=ipa,dc=example
|
dn: cn=computers,cn=accounts,dc=ipa,dc=example
|
||||||
aci: (targetattr = "krbprincipalname")(targetfilter = "(&(!(krbprincipalname=*))(objectclass=ipahost))")(version 3.0;acl "permission:System: Add krbPrincipalName to a Host";allow (write) groupdn = "ldap:///cn=System: Add krbPrincipalName to a Host,cn=permissions,cn=pbac,dc=ipa,dc=example";)
|
aci: (targetattr = "krbprincipalname")(targetfilter = "(&(!(krbprincipalname=*))(objectclass=ipahost))")(version 3.0;acl "permission:System: Add krbPrincipalName to a Host";allow (write) groupdn = "ldap:///cn=System: Add krbPrincipalName to a Host,cn=permissions,cn=pbac,dc=ipa,dc=example";)
|
||||||
dn: cn=computers,cn=accounts,dc=ipa,dc=example
|
dn: cn=computers,cn=accounts,dc=ipa,dc=example
|
||||||
aci: (targetattr = "enrolledby || objectclass")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Enroll a Host";allow (write) groupdn = "ldap:///cn=System: Enroll a Host,cn=permissions,cn=pbac,dc=ipa,dc=example";)
|
aci: (targetattr = "enrolledby || nshardwareplatform || nsosversion || objectclass")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Enroll a Host";allow (write) groupdn = "ldap:///cn=System: Enroll a Host,cn=permissions,cn=pbac,dc=ipa,dc=example";)
|
||||||
dn: cn=computers,cn=accounts,dc=ipa,dc=example
|
dn: cn=computers,cn=accounts,dc=ipa,dc=example
|
||||||
aci: (targetattr = "usercertificate")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host Certificates";allow (write) groupdn = "ldap:///cn=System: Manage Host Certificates,cn=permissions,cn=pbac,dc=ipa,dc=example";)
|
aci: (targetattr = "usercertificate")(targetfilter = "(objectclass=ipahost)")(version 3.0;acl "permission:System: Manage Host Certificates";allow (write) groupdn = "ldap:///cn=System: Manage Host Certificates,cn=permissions,cn=pbac,dc=ipa,dc=example";)
|
||||||
dn: cn=computers,cn=accounts,dc=ipa,dc=example
|
dn: cn=computers,cn=accounts,dc=ipa,dc=example
|
||||||
|
@ -361,7 +361,9 @@ class host(LDAPObject):
|
|||||||
},
|
},
|
||||||
'System: Enroll a Host': {
|
'System: Enroll a Host': {
|
||||||
'ipapermright': {'write'},
|
'ipapermright': {'write'},
|
||||||
'ipapermdefaultattr': {'objectclass', 'enrolledby'},
|
'ipapermdefaultattr': {
|
||||||
|
'objectclass', 'enrolledby', 'nshardwareplatform', 'nsosversion'
|
||||||
|
},
|
||||||
'replaces': [
|
'replaces': [
|
||||||
'(targetattr = "objectclass")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Enroll a host";allow (write) groupdn = "ldap:///cn=Enroll a host,cn=permissions,cn=pbac,$SUFFIX";)',
|
'(targetattr = "objectclass")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Enroll a host";allow (write) groupdn = "ldap:///cn=Enroll a host,cn=permissions,cn=pbac,$SUFFIX";)',
|
||||||
'(targetattr = "enrolledby || objectclass")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Enroll a host";allow (write) groupdn = "ldap:///cn=Enroll a host,cn=permissions,cn=pbac,$SUFFIX";)',
|
'(targetattr = "enrolledby || objectclass")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,$SUFFIX")(version 3.0;acl "permission:Enroll a host";allow (write) groupdn = "ldap:///cn=Enroll a host,cn=permissions,cn=pbac,$SUFFIX";)',
|
||||||
|
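Review bot: The two attributes added to `ipapermdefaultattr` for 'System: Enroll a Host' are values the joining client reports about itself, and nothing here records that they are unverified. Per the matching ACI.txt line, the write right applies to every entry matching `(objectclass=ipahost)`, so any holder of this permission can set `nshardwareplatform` and `nsosversion` on any host entry. I would add a comment above the set, e.g. `# nshardwareplatform/nsosversion are self-reported by the enrolling client; informational only`, so that nobody later keys automember rules or inventory decisions on them without knowing this. The permission dict starts and ends outside the hunk.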
@ -97,10 +97,13 @@ class join(Command):
|
|||||||
assert 'cn' not in kw
|
assert 'cn' not in kw
|
||||||
ldap = self.api.Backend.ldap2
|
ldap = self.api.Backend.ldap2
|
||||||
|
|
||||||
|
# realm parameter is not supported by host_{add,mod}
|
||||||
|
kw.pop('realm', None)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
# First see if the host exists
|
# First see if the host exists
|
||||||
kw = {'fqdn': hostname, 'all': True}
|
show_kw = {'fqdn': hostname, 'all': True}
|
||||||
attrs_list = api.Command['host_show'](**kw)['result']
|
attrs_list = api.Command['host_show'](**show_kw)['result']
|
||||||
dn = attrs_list['dn']
|
dn = attrs_list['dn']
|
||||||
|
|
||||||
# No error raised so far means that host entry exists
|
# No error raised so far means that host entry exists
|
||||||
@ -112,7 +115,8 @@ class join(Command):
|
|||||||
# one.
|
# one.
|
||||||
if 'krbprincipalname' not in attrs_list:
|
if 'krbprincipalname' not in attrs_list:
|
||||||
service = "host/%s@%s" % (hostname, api.env.realm)
|
service = "host/%s@%s" % (hostname, api.env.realm)
|
||||||
api.Command['host_mod'](hostname, krbprincipalname=service)
|
api.Command['host_mod'](hostname, **kw,
|
||||||
|
krbprincipalname=service)
|
||||||
logger.info('No principal set, setting to %s', service)
|
logger.info('No principal set, setting to %s', service)
|
||||||
|
|
||||||
# It exists, can we write the password attributes?
|
# It exists, can we write the password attributes?
|
||||||
@ -122,12 +126,11 @@ class join(Command):
|
|||||||
"to the 'krbLastPwdChange' attribute of entry '%s'.") % dn)
|
"to the 'krbLastPwdChange' attribute of entry '%s'.") % dn)
|
||||||
|
|
||||||
# Reload the attrs_list and dn so that we return update values
|
# Reload the attrs_list and dn so that we return update values
|
||||||
kw = {'fqdn': hostname, 'all': True}
|
attrs_list = api.Command['host_show'](**show_kw)['result']
|
||||||
attrs_list = api.Command['host_show'](**kw)['result']
|
|
||||||
dn = attrs_list['dn']
|
dn = attrs_list['dn']
|
||||||
|
|
||||||
except errors.NotFound:
|
except errors.NotFound:
|
||||||
attrs_list = api.Command['host_add'](hostname,
|
attrs_list = api.Command['host_add'](hostname, **kw,
|
||||||
force=True)['result']
|
force=True)['result']
|
||||||
dn = attrs_list['dn']
|
dn = attrs_list['dn']
|
||||||
|
|
||||||
@ -135,4 +138,4 @@ class join(Command):
|
|||||||
attrs_list['ipacertificatesubjectbase'] =\
|
attrs_list['ipacertificatesubjectbase'] =\
|
||||||
config['ipacertificatesubjectbase']
|
config['ipacertificatesubjectbase']
|
||||||
|
|
||||||
return (dn, attrs_list)
|
return dn, attrs_list
|
||||||
|
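Review bot: `kw` is forwarded wholesale to `host_mod` and `host_add` after removing only `realm`, so any other option the join command accepts, now or later, is passed straight to the host commands; an allow-list would keep that surface fixed. For example, build `host_kw = {k: kw[k] for k in ('nshardwareplatform', 'nsosversion') if k in kw}` once and pass `**host_kw` in both calls. This also avoids a duplicate-keyword `TypeError` if `kw` ever carries `krbprincipalname` or `force`. Separately, `host_mod` is only reached inside `if 'krbprincipalname' not in attrs_list:`, so an existing host entry that already has a principal appears not to get the two attributes updated on join. The method body starts and ends outside the hunks shown.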