IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Require rid-base and secondary-rid-base in idrange-add after ipa-adtrust-install

Browse Source 
Add a new API command 'adtrust_is_enabled', which can be used to determine
whether ipa-adtrust-install has been run on the system. This new command is not
visible in IPA CLI.

Use this command in idrange_add to conditionally require rid-base and
secondary-rid-base options.

Add tests to cover the new functionality

https://fedorahosted.org/freeipa/ticket/3634
This commit is contained in:
Ana Krivokapic
2013-06-10 18:57:08 -04:00
committed by Petr Viktorin
parent 2775dec3be
commit 91a5d3349b
7 changed files with 197 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
ipalib/plugins/idrange.py
View File

@@ -356,7 +356,7 @@ class idrange_add(LDAPCreate):
may be given for a new ID range for the local domain while
--rid-bas
--rid-base
--dom-sid
must be given to add a new range for a trusted AD domain.
@@ -381,6 +381,9 @@ class idrange_add(LDAPCreate):
Also ensure that secondary-rid-base is prompted for when rid-base is
specified and vice versa, in case that dom-sid was not specified.
Also ensure that rid-base and secondary-rid-base is prompted for
if ipa-adtrust-install has been run on the system.
"""
# dom-sid can be specified using dom-sid or dom-name options
@@ -410,6 +413,22 @@ class idrange_add(LDAPCreate):
value = self.prompt_param(self.params['ipabaserid'])
kw.update(dict(ipabaserid=value))
# Prompt for rid-base and secondary-rid-base if ipa-adtrust-install
# has been run on the system
adtrust_is_enabled = api.Command['adtrust_is_enabled']()['result']
if adtrust_is_enabled:
rid_base = kw.get('ipabaserid', None)
secondary_rid_base = kw.get('ipasecondarybaserid', None)
if rid_base is None:
value = self.prompt_param(self.params['ipabaserid'])
kw.update(dict(ipabaserid=value))
if secondary_rid_base is None:
value = self.prompt_param(self.params['ipasecondarybaserid'])
kw.update(dict(ipasecondarybaserid=value))
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
assert isinstance(dn, DN)
@@ -495,6 +514,20 @@ class idrange_add(LDAPCreate):
error=_("Primary RID range and secondary RID range"
" cannot overlap"))
# rid-base and secondary-rid-base must be set if
# ipa-adtrust-install has been run on the system
adtrust_is_enabled = api.Command['adtrust_is_enabled']()['result']
if adtrust_is_enabled and not (
is_set('ipabaserid') and is_set('ipasecondarybaserid')):
raise errors.ValidationError(
name='ID Range setup',
error=_(
'You must specify both rid-base and '
'secondary-rid-base options, because '
'ipa-adtrust-install has already been run.'
)
)
return dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):

32
ipalib/plugins/trust.py
View File

@@ -20,12 +20,9 @@
from ipalib.plugins.baseldap import *
from ipalib.plugins.dns import dns_container_exists
from ipalib import api, Str, StrEnum, Password, DefaultFrom, _, ngettext, Object
from ipalib.parameters import Enum
from ipalib import api, Str, StrEnum, Password, _, ngettext
from ipalib import Command
from ipalib import errors
from ipapython import ipautil
from ipalib import util
try:
import pysss_murmur #pylint: disable=F0401
_murmur_installed = True
@@ -843,3 +840,30 @@ class trust_resolve(Command):
return dict(result=result)
api.register(trust_resolve)
class adtrust_is_enabled(Command):
NO_CLI = True
__doc__ = _('Determine whether ipa-adtrust-install has been run on this '
'system')
def execute(self, *keys, **options):
ldap = self.api.Backend.ldap2
adtrust_dn = DN(
('cn', 'ADTRUST'),
('cn', api.env.host),
('cn', 'masters'),
('cn', 'ipa'),
('cn', 'etc'),
api.env.basedn
)
try:
ldap.get_entry(adtrust_dn)
except errors.NotFound:
return dict(result=False)
return dict(result=True)
api.register(adtrust_is_enabled)