Remove group nesting from the HBAC service groups

ticket 389
2025-01-11 08:41:55 -06:00 · 2010-10-26 13:56:54 -04:00 · 2010-10-26 13:56:54 -04:00 · c1dfb50ee9
commit c1dfb50ee9
parent 4f8e4482b3
3 changed files with 4 additions and 12 deletions
--- a/install/share/60basev2.ldif
+++ b/install/share/60basev2.ldif
@ -41,7 +41,7 @@ objectClasses: (1.3.6.1.1.1.2.17 NAME 'automount' DESC 'Automount information' S
 attributeTypes: (2.16.840.1.113730.3.8.3.17 NAME 'hostCApolicy' DESC 'Policy on how to treat host requests for cert operations.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v2' )
 objectClasses: (2.16.840.1.113730.3.8.4.9 NAME 'ipaCAaccess' STRUCTURAL MAY (member $ hostCApolicy) X-ORIGIN 'IPA v2' )
 objectClasses: (2.16.840.1.113730.3.8.4.10 NAME 'ipaHBACService' STRUCTURAL MUST ( cn ) MAY ( description $ memberOf ) X-ORIGIN 'IPA v2' )
-objectClasses: (2.16.840.1.113730.3.8.4.11 NAME 'ipaHBACServiceGroup' DESC 'IPA HBAC service group object class' SUP nestedGroup STRUCTURAL X-ORIGIN 'IPA v2' )
+objectClasses: (2.16.840.1.113730.3.8.4.11 NAME 'ipaHBACServiceGroup' DESC 'IPA HBAC service group object class' SUP groupOfNames STRUCTURAL X-ORIGIN 'IPA v2' )
 attributeTypes: (1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' DESC 'An integer denoting time to live' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
 attributeTypes: (1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' DESC 'The class of a resource record' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
 attributeTypes: (1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' DESC 'domain name pointer, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
--- a/ipalib/plugins/hbacsvcgroup.py
+++ b/ipalib/plugins/hbacsvcgroup.py
@ -20,8 +20,7 @@
 HBAC Service Groups

 HBAC service groups can contain any number of individual services,
-or "members", and can also contain other service groups. Every group must
-have a description.
+or "members". Every group must have a description.

 EXAMPLES:

@ -37,7 +36,6 @@ EXAMPLES:
 Add a new group to the "login" group:
   ipa hbacsvcgroup-add --desc="switch users" suers
   ipa hbacsvcgroup-add-member --hbacsvcs=su,su-l suers
-   ipa hbacsvsgroup-add-member --hbacsvsgroups=suers login

 Delete an HBAC services group:
   ipa hbacsvcgroup-del login
@ -56,14 +54,10 @@ class hbacsvcgroup(LDAPObject):
    object_name = 'hbacsvcgroup'
    object_name_plural = 'hbacsvcgroups'
    object_class = ['ipaobject', 'ipahbacservicegroup']
-    default_attributes = [ 'cn', 'description', 'member', 'memberof',
-        'memberindirect',
-    ]
+    default_attributes = [ 'cn', 'description', 'member' ]
    uuid_attribute = 'ipauniqueid'
    attribute_members = {
-        'member': ['hbacsvc', 'hbacsvcgroup'],
-        'memberof': ['hbacsvcgroup'],
-        'memberindirect': ['hbacsvc', 'hbacsvcgroup'],
+        'member': ['hbacsvc'],
    }

    label = _('HBAC Service Groups')
--- a/tests/test_xmlrpc/test_hbacsvcgroup_plugin.py
+++ b/tests/test_xmlrpc/test_hbacsvcgroup_plugin.py
@ -123,7 +123,6 @@ class test_hbacsvcgroup(Declarative):
                failed=dict(
                    member=dict(
                        hbacsvc=tuple(),
-                        hbacsvcgroup=tuple(),
                    ),
                ),
                result={
@ -213,7 +212,6 @@ class test_hbacsvcgroup(Declarative):
                failed=dict(
                    member=dict(
                        hbacsvc=tuple(),
-                        hbacsvcgroup=tuple(),
                    ),
                ),
                completed=1,