idviews: Add Default Trust View as part of adtrustinstall

Add a Default Trust View, which is used by SSSD as default mapping for AD users.

Part of: https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Tomas Babej 2014-09-22 12:19:26 +02:00 committed by Martin Kosek
parent 2131187ea9
commit b9425751b4
3 changed files with 29 additions and 0 deletions


@ -26,6 +26,7 @@ app_DATA = \
default-aci.ldif \ default-aci.ldif \
default-hbac.ldif \ default-hbac.ldif \
default-smb-group.ldif \ default-smb-group.ldif \
default-trust-view.ldif \
delegation.ldif \ delegation.ldif \
disable-betxn.ldif \ disable-betxn.ldif \
replica-acis.ldif \ replica-acis.ldif \


@ -0,0 +1,6 @@
dn: cn=Default Trust View,cn=views,cn=accounts,$SUFFIX
changetype: add
cn: Default Trust View
description: Default Trust View for AD users. Should not be deleted.
objectclass: top
objectclass: ipaIDView
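Review bot: The only protection this entry gets is the sentence "Should not be deleted." in its `description`; nothing visible in this commit adds an ACI or a server-side check that refuses to delete or rename `cn=Default Trust View`. If no such guard exists elsewhere in the tree, any principal permitted to remove ID views could drop the default mapping that SSSD uses for AD users. The ID view delete and rename paths should reject this DN explicitly, and the file would benefit from a leading comment such as `# Protected entry: must exist on every trust-enabled deployment`.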


@ -237,6 +237,27 @@ class ADTRUSTInstance(service.Service):
except: except:
self.print_msg("Failed to modify IPA admin group object") self.print_msg("Failed to modify IPA admin group object")
def __add_default_trust_view(self):
default_view_dn = DN(('cn', 'Default Trust View'),
api.env.container_views, self.suffix)
try:
self.admin_conn.get_entry(default_view_dn)
except errors.NotFound:
try:
self._ldap_mod('default-trust-view.ldif', self.sub_dict)
except Exception, e:
self.print_msg("Failed to add default trust view.")
raise e
else:
self.print_msg("Default Trust View already exists.")
# _ldap_mod does not return useful error codes, so we must check again
# if the default trust view was created properly.
try:
self.admin_conn.get_entry(default_view_dn)
except errors.NotFound:
self.print_msg("Failed to add Default Trust View.")
def __add_fallback_group(self): def __add_fallback_group(self):
""" """
@ -847,6 +868,7 @@ class ADTRUSTInstance(service.Service):
self.step("restarting Directory Server to take MS PAC and LDAP plugins changes into account", \ self.step("restarting Directory Server to take MS PAC and LDAP plugins changes into account", \
self.__restart_dirsrv) self.__restart_dirsrv)
self.step("adding fallback group", self.__add_fallback_group) self.step("adding fallback group", self.__add_fallback_group)
self.step("adding Default Trust View", self.__add_default_trust_view)
self.step("setting SELinux booleans", \ self.step("setting SELinux booleans", \
self.__configure_selinux_for_smbd) self.__configure_selinux_for_smbd)
self.step("starting CIFS services", self.__start) self.step("starting CIFS services", self.__start)
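Review bot: The final re-check in `__add_default_trust_view` only calls `self.print_msg("Failed to add Default Trust View.")` when the entry is still missing and then returns normally, so the "adding Default Trust View" step completes as if it had succeeded. Because the code's own comment says `_ldap_mod` does not return useful error codes, this re-check is the only reliable failure signal; it should propagate the failure, for example `raise RuntimeError("Default Trust View was not created")` after the message, assuming the step runner treats exceptions as a failed step (that code is outside the hunk). In the inner handler, `raise e` should be a bare `raise` so the original traceback is preserved. Indentation is lost in this rendering, so it cannot be told from here whether the re-check also runs on the already-exists path; a short docstring stating the method's idempotent intent would make that explicit.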