Add a new objectclass, ipaObject, that will add a UUID to many IPA objects

ipaObject is defined as an auxiliary objectclass so it is up to the plugin author to ensure that the objectclass is included an a UUID generated. ipaUniqueId is a MUST attribute so if you include the objectclass you must ensure that the uuid is generated. This also fixes up some unrelated unit test failures.
2025-02-25 18:55:28 -06:00 · 2009-08-10 16:24:10 -04:00
parent dbeb409ebd
commit c781e8a57d
16 changed files with 54 additions and 31 deletions
--- a/install/share/60basev2.ldif
+++ b/install/share/60basev2.ldif
@@ -5,6 +5,7 @@ attributeTypes: (2.16.840.1.113730.3.8.3.3 NAME 'enrolledBy' DESC 'DN of adminis
 attributeTypes: (2.16.840.1.113730.3.8.3.4 NAME 'enrollmentPwd' DESC 'Password used to bulk enroll machines' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} X-ORIGIN 'IPA v2' )
 attributeTypes: (2.16.840.1.113730.3.8.3.43 NAME 'fqdn' DESC 'FQDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
 objectClasses: (2.16.840.1.113730.3.8.4.1 NAME 'ipaHost' AUXILIARY MUST ( fqdn ) MAY ( userPassword $ ipaClientVersion $ enrolledBy $ memberOf) X-ORIGIN 'IPA v2' )
 objectClasses: (2.16.840.1.113730.3.8.4.44 NAME 'ipaObject' DESC 'IPA objectclass' AUXILIARY MUST ( ipaUniqueId ) X-ORIGIN 'IPA v2' )
 objectClasses: (2.16.840.1.113730.3.8.4.2 NAME 'ipaService' DESC 'IPA service objectclass' AUXILIARY MAY ( memberOf ) X-ORIGIN 'IPA v2' )
 objectClasses: (2.16.840.1.113730.3.8.4.3 NAME 'nestedGroup' DESC 'Group that supports nesting' SUP groupOfNames STRUCTURAL MAY memberOf X-ORIGIN 'IPA v2' )
 objectClasses: (2.16.840.1.113730.3.8.4.4 NAME 'ipaUserGroup' DESC 'IPA user group object class' SUP nestedGroup STRUCTURAL X-ORIGIN 'IPA v2' )
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -149,6 +149,7 @@ ipaGroupObjectClasses: top
 ipaGroupObjectClasses: groupofnames
 ipaGroupObjectClasses: nestedgroup
 ipaGroupObjectClasses: ipausergroup
 ipaGroupObjectClasses: ipaobject
 ipaUserObjectClasses: top
 ipaUserObjectClasses: person
 ipaUserObjectClasses: organizationalperson
@@ -157,6 +158,7 @@ ipaUserObjectClasses: inetuser
 ipaUserObjectClasses: posixaccount
 ipaUserObjectClasses: krbprincipalaux
 ipaUserObjectClasses: radiusprofile
 ipaUserObjectClasses: ipaobject
 ipaDefaultEmailDomain: $DOMAIN
 dn: cn=account inactivation,cn=accounts,$SUFFIX
--- a/ipalib/plugins/basegroup.py
+++ b/ipalib/plugins/basegroup.py
@@ -25,6 +25,7 @@ Base plugin for groups.
 from ipalib import api, crud, errors
 from ipalib import Command, Object
 from ipalib import Flag, Int, List, Str
 from ipalib import uuid
 _default_attributes = ['cn', 'description', 'member', 'memberof']
 _default_class = 'groupofnames'
@@ -137,7 +138,7 @@ class basegroup_add(crud.Create):
    """
    Create new group.
    """
-    base_classes = ('top', _default_class)
+    base_classes = ('top', 'ipaobject', _default_class)
    def execute(self, cn, **kw):
        """
@@ -162,6 +163,8 @@ class basegroup_add(crud.Create):
        else:
            entry_attrs['objectclass'] = self.base_classes
        entry_attrs['ipauniqueid'] = str(uuid.uuid1())
        ldap.add_entry(dn, entry_attrs)
        return ldap.get_entry(dn, entry_attrs.keys())
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -29,6 +29,7 @@ from ipalib import api, crud, errors, util
 from ipalib import Object
 from ipalib import Str, Flag
 from ipalib.plugins.service import split_principal
 from ipalib import uuid
 _container_dn = api.env.container_host
 _default_attributes = [
@@ -166,7 +167,7 @@ class host_add(crud.Create):
        # FIXME: add this attribute to cn=ipaconfig
        # config = ldap.get_ipa_config()[1]
        # kw['objectclass'] =  config.get('ipahostobjectclasses')
-        entry_attrs['objectclass'] = ['nshost', 'ipahost', 'pkiuser']
+        entry_attrs['objectclass'] = ['ipaobject', 'nshost', 'ipahost', 'pkiuser']
        if 'userpassword' not in entry_attrs:
            entry_attrs['krbprincipalname'] = 'host/%s@%s' % (
@@ -178,6 +179,8 @@ class host_add(crud.Create):
        elif 'krbprincipalaux' in entry_attrs['objectclass']:
            entry_attrs['objectclass'].remove('krbprincipalaux')
        entry_attrs['ipauniqueid'] = str(uuid.uuid1())
        ldap.add_entry(dn, entry_attrs)
        return ldap.get_entry(dn, entry_attrs.keys())
--- a/ipalib/plugins/netgroup.py
+++ b/ipalib/plugins/netgroup.py
@@ -69,9 +69,9 @@ class netgroup_add(basegroup_add):
        ldap = self.api.Backend.ldap2
        entry_attrs = self.args_options_2_entry(cn, **kw)
-        entry_attrs['ipauniqueid'] = str(uuid.uuid1())
+        entry_attrs['objectclass'] = ['top', 'ipaobject', 'ipaassociation', _default_class]
        entry_attrs['objectclass'] = ['top', 'ipaassociation', _default_class]
        entry_attrs.setdefault('nisdomainname', self.api.env.domain)
        entry_attrs['ipauniqueid'] = str(uuid.uuid1())
        dn = ldap.make_dn(entry_attrs, 'ipauniqueid', _container_dn)
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -28,6 +28,7 @@ from OpenSSL import crypto
 from ipalib import api, crud, errors
 from ipalib import Object
 from ipalib import Str, Flag, Bytes
 from ipalib import uuid
 _container_dn = api.env.container_service
 _default_attributes = ['krbprincipalname', 'usercertificate']
@@ -152,8 +153,9 @@ class service_add(crud.Create):
        entry_attrs = self.args_options_2_entry(principal, **kw)
        entry_attrs['objectclass'] = [
            'krbprincipal', 'krbprincipalaux', 'krbticketpolicyaux',
-            'ipaservice', 'pkiuser'
+            'ipaobject', 'ipaservice', 'pkiuser'
        ]
        entry_attrs['ipauniqueid'] = str(uuid.uuid1())
        dn = ldap.make_dn(entry_attrs, 'krbprincipalname', _container_dn)
        ldap.add_entry(dn, entry_attrs)
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -24,6 +24,7 @@ Users (Identity)
 from ipalib import api, crud, errors
 from ipalib import Command, Object
 from ipalib import Flag, Int, Password, Str
 from ipalib import uuid
 # parent DN
 _container_dn = api.env.container_user
@@ -151,6 +152,8 @@ class user_add(crud.Create):
        # fill default group's gidNumber
        entry_attrs['gidnumber'] = group_attrs['gidnumber']
        entry_attrs['ipauniqueid'] = str(uuid.uuid1())
        # create user entry
        ldap.add_entry(dn, entry_attrs)
--- a/tests/test_xmlrpc/test_group_plugin.py
+++ b/tests/test_xmlrpc/test_group_plugin.py
@@ -45,6 +45,7 @@ class test_group(XMLRPC_test):
        assert res
        assert_attr_equal(res, 'description', self.description)
        assert_attr_equal(res, 'cn', self.cn)
        assert_attr_equal(res, 'objectclass', 'ipaobject')
    def test_2_group_add(self):
        """
@@ -136,24 +137,24 @@ class test_group(XMLRPC_test):
        assert_attr_equal(res, 'cn', self.cn)
        assert res.get('gidnumber', '')
-    def test_9_group_del_member(self):
+    def test_9_group_remove_member(self):
        """
-        Test the `xmlrpc.group_del_member` method.
+        Test the `xmlrpc.group_remove_member` method.
        """
        kw = {}
        kw['groups'] = self.cn2
-        (total, failed, res) = api.Command['group_del_member'](self.cn, **kw)
+        (total, failed, res) = api.Command['group_remove_member'](self.cn, **kw)
        assert res
        assert total == 1
-    def test_a_group_del_member(self):
+    def test_a_group_remove_member(self):
        """
-        Test the `xmlrpc.group_del_member` method with non-member
+        Test the `xmlrpc.group_remove_member` method with non-member
        """
        kw = {}
        kw['groups'] = u'notfound'
        # an error isn't thrown, the list of failed members is returned
-        (total, failed, res) = api.Command['group_del_member'](self.cn, **kw)
+        (total, failed, res) = api.Command['group_remove_member'](self.cn, **kw)
        assert total == 0
        assert 'notfound' in failed
--- a/tests/test_xmlrpc/test_host_plugin.py
+++ b/tests/test_xmlrpc/test_host_plugin.py
@@ -45,6 +45,7 @@ class test_host(XMLRPC_test):
        assert_attr_equal(res, 'description', self.description)
        assert_attr_equal(res, 'fqdn', self.fqdn)
        assert_attr_equal(res, 'localityname', self.localityname)
        assert_attr_equal(res, 'objectclass', 'ipaobject')
    def test_2_host_show(self):
        """
--- a/tests/test_xmlrpc/test_hostgroup_plugin.py
+++ b/tests/test_xmlrpc/test_hostgroup_plugin.py
@@ -47,6 +47,7 @@ class test_hostgroup(XMLRPC_test):
        assert res
        assert_attr_equal(res, 'description', self.description)
        assert_attr_equal(res, 'cn', self.cn)
        assert_attr_equal(res, 'objectclass', 'ipaobject')
    def test_2_host_add(self):
        """
@@ -101,13 +102,13 @@ class test_hostgroup(XMLRPC_test):
        assert_attr_equal(res, 'description', newdesc)
        assert_attr_equal(res, 'cn', self.cn)
-    def test_7_hostgroup_del_member(self):
+    def test_7_hostgroup_remove_member(self):
        """
-        Test the `xmlrpc.hostgroup_del_member` method.
+        Test the `xmlrpc.hostgroup_remove_member` method.
        """
        kw = {}
        kw['hosts'] = self.host_fqdn
-        (total, failed, res) = api.Command['hostgroup_del_member'](self.cn, **kw)
+        (total, failed, res) = api.Command['hostgroup_remove_member'](self.cn, **kw)
        assert res
        assert res[1].get('member', []) == []
--- a/tests/test_xmlrpc/test_netgroup_plugin.py
+++ b/tests/test_xmlrpc/test_netgroup_plugin.py
@@ -164,7 +164,7 @@ class test_netgroup(XMLRPC_test):
        """
        Test the `xmlrpc.netgroup_show` method.
        """
-        (dn, res) = api.Command['netgroup_show'](self.ng_cn)
+        (dn, res) = api.Command['netgroup_show'](self.ng_cn, all=True)
        assert res
        assert_attr_equal(res, 'description', self.ng_description)
        assert_attr_equal(res, 'cn', self.ng_cn)
@@ -172,6 +172,7 @@ class test_netgroup(XMLRPC_test):
        assert_is_member(res, 'cn=%s' % self.hg_cn)
        assert_is_member(res, 'uid=%s' % self.user_uid)
        assert_is_member(res, 'cn=%s' % self.group_cn)
        assert_attr_equal(res, 'objectclass', 'ipaobject')
    def test_7_netgroup_find(self):
        """
@@ -198,56 +199,56 @@ class test_netgroup(XMLRPC_test):
        assert_attr_equal(res, 'description', newdesc)
        assert_attr_equal(res, 'cn', self.ng_cn)
-    def test_9_netgroup_del_member(self):
+    def test_9_netgroup_remove_member(self):
        """
-        Test the `xmlrpc.hostgroup_del_member` method.
+        Test the `xmlrpc.hostgroup_remove_member` method.
        """
        kw = {}
        kw['hosts'] = self.host_fqdn
-        (total, failed, res) = api.Command['netgroup_del_member'](self.ng_cn, **kw)
+        (total, failed, res) = api.Command['netgroup_remove_member'](self.ng_cn, **kw)
        assert total == 1
        kw = {}
        kw['hostgroups'] = self.hg_cn
-        (total, failed, res) = api.Command['netgroup_del_member'](self.ng_cn, **kw)
+        (total, failed, res) = api.Command['netgroup_remove_member'](self.ng_cn, **kw)
        assert total == 1
        kw = {}
        kw['users'] = self.user_uid
-        (total, failed, res) = api.Command['netgroup_del_member'](self.ng_cn, **kw)
+        (total, failed, res) = api.Command['netgroup_remove_member'](self.ng_cn, **kw)
        assert total == 1
        kw = {}
        kw['groups'] = self.group_cn
-        (total, failed, res) = api.Command['netgroup_del_member'](self.ng_cn, **kw)
+        (total, failed, res) = api.Command['netgroup_remove_member'](self.ng_cn, **kw)
        assert total == 1
-    def test_a_netgroup_del_member(self):
+    def test_a_netgroup_remove_member(self):
        """
-        Test the `xmlrpc.netgroup_del_member` method again to test not found.
+        Test the `xmlrpc.netgroup_remove_member` method again to test not found.
        """
        kw = {}
        kw['hosts'] = self.host_fqdn
-        (total, failed, res) = api.Command['netgroup_del_member'](self.ng_cn, **kw)
+        (total, failed, res) = api.Command['netgroup_remove_member'](self.ng_cn, **kw)
        assert total == 0
        assert self.host_fqdn in failed
        kw = {}
        kw['hostgroups'] = self.hg_cn
-        (total, failed, res) = api.Command['netgroup_del_member'](self.ng_cn, **kw)
+        (total, failed, res) = api.Command['netgroup_remove_member'](self.ng_cn, **kw)
        assert total == 0
        assert self.hg_cn in failed
        kw = {}
        kw['users'] = self.user_uid
        (dn, res) = api.Command['netgroup_show'](self.ng_cn, all=True)
-        (total, failed, res) = api.Command['netgroup_del_member'](self.ng_cn, **kw)
+        (total, failed, res) = api.Command['netgroup_remove_member'](self.ng_cn, **kw)
        assert total == 0
        assert self.user_uid in failed
        kw = {}
        kw['groups'] = self.group_cn
-        (total, failed, res) = api.Command['netgroup_del_member'](self.ng_cn, **kw)
+        (total, failed, res) = api.Command['netgroup_remove_member'](self.ng_cn, **kw)
        assert total == 0
        assert self.group_cn in failed
--- a/tests/test_xmlrpc/test_passwd_plugin.py
+++ b/tests/test_xmlrpc/test_passwd_plugin.py
@@ -47,6 +47,7 @@ class test_passwd(XMLRPC_test):
        assert_attr_equal(res, 'sn', self.sn)
        assert_attr_equal(res, 'uid', self.uid)
        assert_attr_equal(res, 'homedirectory', self.home)
        assert_attr_equal(res, 'objectclass', 'ipaobject')
    def test_2_set_passwd(self):
        """
--- a/tests/test_xmlrpc/test_rolegroup_plugin.py
+++ b/tests/test_xmlrpc/test_rolegroup_plugin.py
@@ -46,6 +46,7 @@ class test_rolegroup(XMLRPC_test):
        assert res
        assert_attr_equal(res, 'description', self.description)
        assert_attr_equal(res, 'cn', self.cn)
        assert_attr_equal(res, 'objectclass', 'ipaobject')
    def test_2_add_group(self):
        """
@@ -102,13 +103,13 @@ class test_rolegroup(XMLRPC_test):
        assert_attr_equal(res, 'description', newdesc)
        assert_attr_equal(res, 'cn', self.cn)
-    def test_7_rolegroup_del_member(self):
+    def test_7_rolegroup_remove_member(self):
        """
-        Test the `xmlrpc.rolegroup_del_member` method.
+        Test the `xmlrpc.rolegroup_remove_member` method.
        """
        kw = {}
        kw['groups'] = self.rolegroup_cn
-        (total, failed, res) = api.Command['rolegroup_del_member'](self.cn, **kw)
+        (total, failed, res) = api.Command['rolegroup_remove_member'](self.cn, **kw)
        assert total == 1
    def test_8_rolegroup_del(self):
--- a/tests/test_xmlrpc/test_service_plugin.py
+++ b/tests/test_xmlrpc/test_service_plugin.py
@@ -42,6 +42,7 @@ class test_service(XMLRPC_test):
        (dn, res) = api.Command['service_add'](**self.kw)
        assert res
        assert_attr_equal(res, 'krbprincipalname', self.principal)
        assert_attr_equal(res, 'objectclass', 'ipaobject')
    def test_2_service_add(self):
        """
--- a/tests/test_xmlrpc/test_taskgroup_plugin.py
+++ b/tests/test_xmlrpc/test_taskgroup_plugin.py
@@ -49,6 +49,7 @@ class test_taskgroup(XMLRPC_test):
        assert res
        assert_attr_equal(res, 'description', self.description)
        assert_attr_equal(res, 'cn', self.cn)
        assert_attr_equal(res, 'objectclass', 'ipaobject')
    def test_2_add_rolegroup(self):
        """
@@ -124,7 +125,7 @@ class test_taskgroup(XMLRPC_test):
        """
        kw = {}
        kw['groups'] = self.taskgroup_cn
-        (total, failed, res) = api.Command['taskgroup_del_member'](self.cn, **kw)
+        (total, failed, res) = api.Command['taskgroup_remove_member'](self.cn, **kw)
        assert total == 1
    def test_9_taskgroup_del(self):
--- a/tests/test_xmlrpc/test_user_plugin.py
+++ b/tests/test_xmlrpc/test_user_plugin.py
@@ -48,6 +48,7 @@ class test_user(XMLRPC_test):
        assert_attr_equal(res, 'sn', self.sn)
        assert_attr_equal(res, 'uid', self.uid)
        assert_attr_equal(res, 'homedirectory', self.home)
        assert_attr_equal(res, 'objectclass', 'ipaobject')
    def test_2_user_add(self):
        """