IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add LDAPObject setting to handle different attributes for RDN and PKEY.

Browse Source
This commit is contained in:
Pavel Zuna
2010-10-27 13:04:06 -04:00
committed by Simo Sorce
parent c51ce61e4d
commit 93290c8a72
4 changed files with 48 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
ipalib/plugins/baseldap.py
View File

@@ -73,18 +73,31 @@ class LDAPObject(Object):
search_attributes_config = None search_attributes_config = None
default_attributes = [] default_attributes = []
hidden_attributes = ['objectclass', 'aci'] hidden_attributes = ['objectclass', 'aci']
# set rdn_attribute only if RDN attribute differs from primary key!
rdn_attribute = ''
uuid_attribute = '' uuid_attribute = ''
attribute_members = {} attribute_members = {}
container_not_found_msg = _('container entry (%(container)s) not found') container_not_found_msg = _('container entry (%(container)s) not found')
parent_not_found_msg = _('%(parent)s: %(oname)s not found') parent_not_found_msg = _('%(parent)s: %(oname)s not found')
object_not_found_msg = _('%(pkey)s: %(oname)s not found') object_not_found_msg = _('%(pkey)s: %(oname)s not found')
already_exists_msg = _('%(oname)s with name "%(pkey)s" already exists')
def get_dn(self, *keys, **kwargs): def get_dn(self, *keys, **kwargs):
if self.parent_object: if self.parent_object:
parent_dn = self.api.Object[self.parent_object].get_dn(*keys[:-1]) parent_dn = self.api.Object[self.parent_object].get_dn(*keys[:-1])
else: else:
parent_dn = self.container_dn parent_dn = self.container_dn
if self.rdn_attribute:
try:
(dn, entry_attrs) = self.backend.find_entry_by_attr(
self.primary_key.name, keys[-1], self.object_class, [''],
self.container_dn
)
except errors.NotFound:
pass
else:
return dn
if self.primary_key and keys[-1] is not None: if self.primary_key and keys[-1] is not None:
return self.backend.make_dn_from_attr( return self.backend.make_dn_from_attr(
self.primary_key.name, keys[-1], parent_dn self.primary_key.name, keys[-1], parent_dn
@@ -92,6 +105,14 @@ class LDAPObject(Object):
return parent_dn return parent_dn
def get_primary_key_from_dn(self, dn): def get_primary_key_from_dn(self, dn):
if self.rdn_attribute:
(dn, entry_attrs) = self.backend.get_entry(
dn, [self.primary_key.name]
)
try:
return entry_attrs[pkey][0]
except (KeyError, IndexError):
return ''
return dn[len(self.primary_key.name) + 1:dn.find(',')] return dn[len(self.primary_key.name) + 1:dn.find(',')]
def get_ancestor_primary_keys(self): def get_ancestor_primary_keys(self):
@@ -131,7 +152,7 @@ class LDAPObject(Object):
'parent_object', 'container_dn', 'object_name', 'object_name_plural', 'parent_object', 'container_dn', 'object_name', 'object_name_plural',
'object_class', 'object_class_config', 'default_attributes', 'label', 'object_class', 'object_class_config', 'default_attributes', 'label',
'hidden_attributes', 'uuid_attribute', 'attribute_members', 'name', 'hidden_attributes', 'uuid_attribute', 'attribute_members', 'name',
'takes_params', 'takes_params', 'rdn_attribute',
) )
def __json__(self): def __json__(self):
json_dict = dict( json_dict = dict(
@@ -254,8 +275,6 @@ class LDAPCreate(CallbackInterface, crud.Create):
def execute(self, *keys, **options): def execute(self, *keys, **options):
ldap = self.obj.backend ldap = self.obj.backend
dn = self.obj.get_dn(*keys, **options)
entry_attrs = self.args_options_2_entry(*keys, **options) entry_attrs = self.args_options_2_entry(*keys, **options)
entry_attrs['objectclass'] = self.obj.object_class entry_attrs['objectclass'] = self.obj.object_class
@@ -268,6 +287,19 @@ class LDAPCreate(CallbackInterface, crud.Create):
if self.obj.uuid_attribute: if self.obj.uuid_attribute:
entry_attrs[self.obj.uuid_attribute] = 'autogenerate' entry_attrs[self.obj.uuid_attribute] = 'autogenerate'
dn = self.obj.get_dn(*keys, **options)
if self.obj.rdn_attribute:
if not dn.startswith('%s=' % self.obj.primary_key.name):
raise errors.DuplicateEntry(
message=self.obj.already_exists_msg % {
'oname': self.obj.object_name,
'pkey': keys[-1],
}
)
dn = ldap.make_dn(
entry_attrs, self.obj.rdn_attribute, self.obj.container_dn
)
if options.get('all', False): if options.get('all', False):
attrs_list = ['*'] attrs_list = ['*']
else: else:
@@ -311,9 +343,15 @@ class LDAPCreate(CallbackInterface, crud.Create):
) )
try: try:
(dn, entry_attrs) = ldap.get_entry( if self.obj.rdn_attribute:
dn, attrs_list, normalize=self.obj.normalize_dn (dn, entry_attrs) = ldap.find_entry_by_attr(
) self.obj.primary_key.name, keys[-1], None, attrs_list,
self.obj.container_dn
)
else:
(dn, entry_attrs) = ldap.get_entry(
dn, attrs_list, normalize=self.obj.normalize_dn
)
except errors.ExecutionError, e: except errors.ExecutionError, e:
try: try:
(dn, entry_attrs) = self._call_exc_callbacks( (dn, entry_attrs) = self._call_exc_callbacks(

26
ipalib/plugins/hbac.py
View File

@@ -108,6 +108,7 @@ class hbac(LDAPObject):
'memberhostgroup', 'memberhostgroup',
] ]
uuid_attribute = 'ipauniqueid' uuid_attribute = 'ipauniqueid'
rdn_attribute = 'ipauniqueid'
attribute_members = { attribute_members = {
'memberuser': ['user', 'group'], 'memberuser': ['user', 'group'],
'memberhost': ['host', 'hostgroup'], 'memberhost': ['host', 'hostgroup'],
@@ -192,24 +193,6 @@ class hbac(LDAPObject):
), ),
) )
def get_dn(self, *keys, **kwargs):
try:
(dn, entry_attrs) = self.backend.find_entry_by_attr(
self.primary_key.name, keys[-1], self.object_class, [''],
self.container_dn
)
except errors.NotFound:
dn = super(hbac, self).get_dn(*keys, **kwargs)
return dn
def get_primary_key_from_dn(self, dn):
pkey = self.primary_key.name
(dn, entry_attrs) = self.backend.get_entry(dn, [pkey])
try:
return entry_attrs[pkey][0]
except (KeyError, IndexError):
return ''
api.register(hbac) api.register(hbac)
@@ -218,14 +201,9 @@ class hbac_add(LDAPCreate):
Create a new HBAC rule. Create a new HBAC rule.
""" """
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
if not dn.startswith('cn='):
msg = 'HBAC rule with name "%s" already exists' % keys[-1]
raise errors.DuplicateEntry(message=msg)
# HBAC rules are enabled by default # HBAC rules are enabled by default
entry_attrs['ipaenabledflag'] = 'TRUE' entry_attrs['ipaenabledflag'] = 'TRUE'
return ldap.make_dn( return dn
entry_attrs, self.obj.uuid_attribute, self.obj.container_dn
)
api.register(hbac_add) api.register(hbac_add)

25
ipalib/plugins/netgroup.py
View File

@@ -76,6 +76,7 @@ class netgroup(LDAPObject):
'nisdomainname', 'memberuser', 'memberhost', 'nisdomainname', 'memberuser', 'memberhost',
] ]
uuid_attribute = 'ipauniqueid' uuid_attribute = 'ipauniqueid'
rdn_attribute = 'ipauniqueid'
attribute_members = { attribute_members = {
'memberof': ['netgroup'], 'memberof': ['netgroup'],
'memberuser': ['user', 'group'], 'memberuser': ['user', 'group'],
@@ -108,24 +109,6 @@ class netgroup(LDAPObject):
), ),
) )
def get_dn(self, *keys, **kwargs):
try:
(dn, entry_attrs) = self.backend.find_entry_by_attr(
self.primary_key.name, keys[-1], self.object_class, [''],
self.container_dn
)
except errors.NotFound:
dn = super(netgroup, self).get_dn(*keys, **kwargs)
return dn
def get_primary_key_from_dn(self, dn):
pkey = self.primary_key.name
(dn, entry_attrs) = self.backend.get_entry(dn, [pkey])
try:
return entry_attrs[pkey][0]
except (KeyError, IndexError):
return ''
api.register(netgroup) api.register(netgroup)
@@ -135,13 +118,7 @@ class netgroup_add(LDAPCreate):
""" """
has_output_params = output_params has_output_params = output_params
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
if not dn.startswith('cn='):
msg = 'netgroup with name "%s" already exists' % keys[-1]
raise errors.DuplicateEntry(message=msg)
entry_attrs.setdefault('nisdomainname', self.api.env.domain) entry_attrs.setdefault('nisdomainname', self.api.env.domain)
dn = ldap.make_dn(
entry_attrs, self.obj.uuid_attribute, self.obj.container_dn
)
return dn return dn
api.register(netgroup_add) api.register(netgroup_add)

11
ipalib/plugins/sudorule.py
View File

@@ -38,6 +38,7 @@ class sudorule(LDAPObject):
] ]
uuid_attribute = 'ipauniqueid' uuid_attribute = 'ipauniqueid'
rdn_attribute = 'ipauniqueid'
attribute_members = { attribute_members = {
'memberuser': ['user', 'group'], 'memberuser': ['user', 'group'],
'memberhost': ['host', 'hostgroup'], 'memberhost': ['host', 'hostgroup'],
@@ -88,16 +89,6 @@ class sudorule(LDAPObject):
) )
def get_dn(self, *keys, **kwargs):
try:
(dn, entry_attrs) = self.backend.find_entry_by_attr(
self.primary_key.name, keys[-1], self.object_class, [''],
self.container_dn
)
except errors.NotFound:
dn = super(sudorule, self).get_dn(*keys, **kwargs)
return dn
api.register(sudorule) api.register(sudorule)