IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-11 16:51:55 -06:00
Code Issues Packages Projects Releases Wiki Activity

Remove group nesting from the HBAC service groups

Browse Source 
ticket 389
This commit is contained in:
Rob Crittenden 2010-10-26 13:56:54 -04:00
parent 4f8e4482b3
commit c1dfb50ee9
3 changed files with 4 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
install/share/60basev2.ldif
View File

@ -41,7 +41,7 @@ objectClasses: (1.3.6.1.1.1.2.17 NAME 'automount' DESC 'Automount information' S
attributeTypes: (2.16.840.1.113730.3.8.3.17 NAME 'hostCApolicy' DESC 'Policy on how to treat host requests for cert operations.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v2' ) attributeTypes: (2.16.840.1.113730.3.8.3.17 NAME 'hostCApolicy' DESC 'Policy on how to treat host requests for cert operations.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.4.9 NAME 'ipaCAaccess' STRUCTURAL MAY (member $ hostCApolicy) X-ORIGIN 'IPA v2' ) objectClasses: (2.16.840.1.113730.3.8.4.9 NAME 'ipaCAaccess' STRUCTURAL MAY (member $ hostCApolicy) X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.4.10 NAME 'ipaHBACService' STRUCTURAL MUST ( cn ) MAY ( description $ memberOf ) X-ORIGIN 'IPA v2' ) objectClasses: (2.16.840.1.113730.3.8.4.10 NAME 'ipaHBACService' STRUCTURAL MUST ( cn ) MAY ( description $ memberOf ) X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.4.11 NAME 'ipaHBACServiceGroup' DESC 'IPA HBAC service group object class' SUP nestedGroup STRUCTURAL X-ORIGIN 'IPA v2' ) objectClasses: (2.16.840.1.113730.3.8.4.11 NAME 'ipaHBACServiceGroup' DESC 'IPA HBAC service group object class' SUP groupOfNames STRUCTURAL X-ORIGIN 'IPA v2' )
attributeTypes: (1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' DESC 'An integer denoting time to live' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: (1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' DESC 'An integer denoting time to live' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributeTypes: (1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' DESC 'The class of a resource record' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: (1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' DESC 'The class of a resource record' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeTypes: (1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' DESC 'domain name pointer, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: (1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' DESC 'domain name pointer, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

12
ipalib/plugins/hbacsvcgroup.py
View File

@ -20,8 +20,7 @@
HBAC Service Groups HBAC Service Groups
HBAC service groups can contain any number of individual services, HBAC service groups can contain any number of individual services,
or "members", and can also contain other service groups. Every group must or "members". Every group must have a description.
have a description.
EXAMPLES: EXAMPLES:
@ -37,7 +36,6 @@ EXAMPLES:
Add a new group to the "login" group: Add a new group to the "login" group:
ipa hbacsvcgroup-add --desc="switch users" suers ipa hbacsvcgroup-add --desc="switch users" suers
ipa hbacsvcgroup-add-member --hbacsvcs=su,su-l suers ipa hbacsvcgroup-add-member --hbacsvcs=su,su-l suers
ipa hbacsvsgroup-add-member --hbacsvsgroups=suers login
Delete an HBAC services group: Delete an HBAC services group:
ipa hbacsvcgroup-del login ipa hbacsvcgroup-del login
@ -56,14 +54,10 @@ class hbacsvcgroup(LDAPObject):
object_name = 'hbacsvcgroup' object_name = 'hbacsvcgroup'
object_name_plural = 'hbacsvcgroups' object_name_plural = 'hbacsvcgroups'
object_class = ['ipaobject', 'ipahbacservicegroup'] object_class = ['ipaobject', 'ipahbacservicegroup']
default_attributes = [ 'cn', 'description', 'member', 'memberof', default_attributes = [ 'cn', 'description', 'member' ]
'memberindirect',
]
uuid_attribute = 'ipauniqueid' uuid_attribute = 'ipauniqueid'
attribute_members = { attribute_members = {
'member': ['hbacsvc', 'hbacsvcgroup'], 'member': ['hbacsvc'],
'memberof': ['hbacsvcgroup'],
'memberindirect': ['hbacsvc', 'hbacsvcgroup'],
} }
label = _('HBAC Service Groups') label = _('HBAC Service Groups')

2
tests/test_xmlrpc/test_hbacsvcgroup_plugin.py
View File

@ -123,7 +123,6 @@ class test_hbacsvcgroup(Declarative):
failed=dict( failed=dict(
member=dict( member=dict(
hbacsvc=tuple(), hbacsvc=tuple(),
hbacsvcgroup=tuple(),
), ),
), ),
result={ result={
@ -213,7 +212,6 @@ class test_hbacsvcgroup(Declarative):
failed=dict( failed=dict(
member=dict( member=dict(
hbacsvc=tuple(), hbacsvc=tuple(),
hbacsvcgroup=tuple(),
), ),
), ),
completed=1, completed=1,