Port f_service to LDAP backend

Add new keyword, 'filter', that can be passed to the search function.
This is globbed onto the filter that is auto-created.
This commit is contained in:
Rob Crittenden 2008-10-17 19:20:23 -04:00
parent e66cd9599b
commit ae8370be44
4 changed files with 117 additions and 53 deletions

View File

@ -50,7 +50,7 @@ class ldap(CrudBackend):
def make_group_dn(self, cn):
"""
Construct user dn from cn.
Construct group dn from cn.
"""
return 'cn=%s,%s,%s' % (
self.dn.escape_dn_chars(cn),
@ -58,17 +58,28 @@ class ldap(CrudBackend):
self.api.env.basedn,
)
def make_service_dn(self, principal):
"""
Construct service principal dn from principal name
"""
return 'krbprincipalname=%s,%s,%s' % (
self.dn.escape_dn_chars(principal),
self.api.env.container_service,
self.api.env.basedn,
)
def get_object_type(self, attribute):
"""
Based on attribute, make an educated guess as to the type of
object we're looking for.
"""
attribute = attribute.lower()
object_type = None
if attribute == "uid": # User
object_type = "person"
elif attribute == "cn": # Group
object_type = "posixGroup"
elif attribute == "krbprincipal": # Service
elif attribute == "krbprincipalname": # Service
object_type = "krbPrincipal"
return object_type
@ -168,12 +179,18 @@ class ldap(CrudBackend):
def search(self, **kw):
objectclass = kw.get('objectclass')
sfilter = kw.get('filter')
if objectclass:
del kw['objectclass']
if sfilter:
del kw['filter']
(exact_match_filter, partial_match_filter) = self._generate_search_filters(**kw)
if objectclass:
exact_match_filter = "(&(objectClass=%s)%s)" % (objectclass, exact_match_filter)
partial_match_filter = "(&(objectClass=%s)%s)" % (objectclass, partial_match_filter)
if sfilter:
exact_match_filter = "(%s%s)" % (sfilter, exact_match_filter)
partial_match_filter = "(%s%s)" % (sfilter, partial_match_filter)
search_base = "%s, %s" % (self.api.env.container_accounts, self.api.env.basedn)
try:

View File

@ -168,7 +168,7 @@ class group_find(crud.Find):
object_type = ldap.get_object_type("cn")
if object_type and not kw.get('objectclass'):
kw['objectclass'] = ldap.get_object_type("cn")
kw['objectclass'] = object_type
return ldap.search(**kw)
def output_for_cli(self, groups):

View File

@ -1,5 +1,6 @@
# Authors:
# Jason Gerard DeRose <jderose@redhat.com>
# Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2008 Red Hat
# see file 'COPYING' for use and warranty information
@ -27,9 +28,6 @@ from ipalib.frontend import Param
from ipalib import api
from ipalib import errors
from ipalib import ipa_types
from ipa_server import servercore
from ipa_server import ipaldap
import ldap
class service(frontend.Object):
"""
@ -46,13 +44,26 @@ class service_add(crud.Add):
takes_options = (
Param('force?', type=ipa_types.Bool(), default=False, doc='Force a service principal name'),
)
def execute(self, *args, **kw):
"""args[0] = service principal to add
kw{force} determines whether we continue on errors
def execute(self, principal, **kw):
"""
force = kw.get('force', False)
Execute the service-add operation.
principal = args[0]
The dn should not be passed as a keyword argument as it is constructed
by this method.
Returns the entry as it will be created in LDAP.
:param principal: The service to be added in the form: service/hostname
:param kw: Keyword arguments for the other LDAP attributes.
"""
assert 'krbprincipalname' not in kw
ldap = self.api.Backend.ldap
force = kw.get('force', False)
try:
del kw['force']
except:
pass
# Break down the principal into its component parts, which may or
# may not include the realm.
@ -64,7 +75,7 @@ class service_add(crud.Add):
sr = sp[1].split('@')
if len(sr) == 1:
hostname = sr[0].lower()
realm = servercore.realm
realm = self.api.env.realm
elif len(sr) == 2:
hostname = sr[0].lower()
realm = sr[1]
@ -83,68 +94,104 @@ class service_add(crud.Add):
logging.debug("IPA: found %d records for '%s'" % (len(rs), hostname))
"""
service_container = servercore.DefaultServiceContainer
# At some point we'll support multiple realms
if (realm != servercore.realm):
if (realm != self.api.env.realm):
raise errors.RealmMismatch
# Put the principal back together again
princ_name = service + "/" + hostname + "@" + realm
dn = "krbprincipalname=%s,%s,%s" % (ldap.dn.escape_dn_chars(princ_name),
service_container,servercore.basedn)
entry = ipaldap.Entry(dn)
dn = ldap.make_service_dn(princ_name)
entry.setValues('objectClass', 'krbPrincipal', 'krbPrincipalAux', 'krbTicketPolicyAux')
entry.setValues('krbprincipalname', princ_name)
kw['dn'] = dn
kw['objectClass'] = ['krbPrincipal', 'krbPrincipalAux', 'krbTicketPolicyAux']
return ldap.create(**kw)
def output_to_cli(self, ret):
if ret:
print "Service added"
result = servercore.add_entry(entry)
return result
def forward(self, *args, **kw):
result = super(crud.Add, self).forward(*args, **kw)
if result:
print "Service %s added" % args[0]
api.register(service_add)
class service_del(crud.Del):
'Delete an existing service.'
def execute(self, *args, **kw):
"""args[0] = princial to remove
Delete a service principal.
principal is the full DN of the entry to delete.
This should be called with much care.
def execute(self, principal, **kw):
"""
principal = args[0]
return False
def forward(self, *args, **kw):
result = super(crud.Del, self).forward(*args, **kw)
if result:
print "Service %s removed" % args[0]
Delete a service principal.
principal is the krbprincipalname of the entry to delete.
This should be called with much care.
:param principal: The service to be added in the form: service/hostname
:param kw: not used
"""
ldap = self.api.Backend.ldap
dn = ldap.find_entry_dn("krbprincipalname", principal)
return ldap.delete(dn)
def output_to_cli(self, ret):
if ret:
print "Service removed"
api.register(service_del)
class service_mod(crud.Mod):
'Edit an existing service.'
api.register(service_mod)
# There is no service-mod. The principal itself contains nothing that
# is user-changeable
class service_find(crud.Find):
'Search the existing services.'
def execute(self, principal, **kw):
ldap = self.api.Backend.ldap
kw['filter'] = "&(objectclass=krbPrincipalAux)(!(objectClass=person))(!(|(krbprincipalname=kadmin/*)(krbprincipalname=K/M@*)(krbprincipalname=krbtgt/*)))"
kw['krbprincipalname'] = principal
object_type = ldap.get_object_type("krbprincipalname")
if object_type and not kw.get('objectclass'):
kw['objectclass'] = object_type
return ldap.search(**kw)
def output_for_cli(self, services):
if not services:
return
counter = services[0]
services = services[1:]
if counter == 0:
print "No entries found"
return
elif counter == -1:
print "These results are truncated."
print "Please refine your search and try again."
for s in services:
for a in s.keys():
print "%s: %s" % (a, s[a])
api.register(service_find)
class service_show(crud.Get):
'Examine an existing service.'
def execute(self, *args, **kw):
filter = "(&(objectclass=krbPrincipalAux)(!(objectClass=person))(!(|(krbprincipalname=kadmin/*)(krbprincipalname=K/M@*)(krbprincipalname=krbtgt/*)))(&(|(krbprincipalname=%s))))" % args[0]
result = servercore.get_sub_entry(servercore.basedn, filter, ["*"])
return result
def forward(self, *args, **kw):
result = super(crud.Get, self).forward(*args, **kw)
return result
def execute(self, principal, **kw):
"""
Execute the service-show operation.
The dn should not be passed as a keyword argument as it is constructed
by this method.
Returns the entry
:param principal: The service principal to retrieve
:param kw: Not used.
"""
ldap = self.api.Backend.ldap
dn = ldap.find_entry_dn("krbprincipalname", principal)
# FIXME: should kw contain the list of attributes to display?
return ldap.retrieve(dn)
api.register(service_show)

View File

@ -243,7 +243,7 @@ class user_find(crud.Find):
object_type = ldap.get_object_type("uid")
if object_type and not kw.get('objectclass'):
kw['objectclass'] = ldap.get_object_type("uid")
kw['objectclass'] = object_type
return ldap.search(**kw)
def output_for_cli(self, users):
if not users: