ipa-addradiusclient now working

ipa-admintools/ipa-addradiusclient

@@ -163,7 +163,7 @@ def main():
     nastype = None
     desc = None
 
-    client=ipa.radius_client.RadiusClient()
+    radius_client = ipa.radius_client.RadiusClient()
     options, args = parse_options()
 
     # client address is required
@@ -205,29 +205,29 @@ def main():
     #print "ip_addr=%s secret=%s name=%s nastype=%s desc=%s" % (ip_addr, secret, name, nastype, desc)
 
     if ip_addr is not None:
-        client.setValue('radiusClientNASIpAddress', ip_addr)
+        radius_client.setValue('radiusClientNASIpAddress', ip_addr)
     else:
         print "client IP Address is required"
         return 1
 
     if secret is not None:
-        client.setValue('radiusClientSecret', secret)
+        radius_client.setValue('radiusClientSecret', secret)
     else:
         print "client secret is required"
         return 1
 
     if name is not None:
-        client.setValue('radiusClientShortName', name)
+        radius_client.setValue('radiusClientShortName', name)
 
     if nastype is not None:
-        client.setValue('radiusClientNASType', nastype)
+        radius_client.setValue('radiusClientNASType', nastype)
        
     if desc is not None:
-        client.setValue('description', desc)
+        radius_client.setValue('description', desc)
        
     try:
-        client = ipaclient.IPAClient()
-        client.add_radius_client(client)
+        ipa_client = ipaclient.IPAClient()
+        ipa_client.add_radius_client(radius_client)
         print "successfully added"
     except xmlrpclib.Fault, f:
         print f.faultString

ipa-python/ipaclient.py

@@ -331,3 +331,14 @@ class IPAClient:
                 entries.append(user.User(e))
 
         return entries
+
+    def add_radius_client(self,client):
+        client_dict = client.toDict()
+
+        # dn is set on the server-side
+        del client_dict['dn']
+
+        # convert to a regular dict before sending
+        result = self.transport.add_radius_client(client_dict)
+        return result
+

ipa-python/rpcclient.py

@@ -591,3 +591,16 @@ class RPCClient:
             raise xmlrpclib.Fault(value, msg)
 
         return ipautil.unwrap_binary_data(result)
+
+    def add_radius_client(self,client):
+        server = self.setup_server()
+
+        try:
+            result = server.add_radius_client(ipautil.wrap_binary_data(client))
+        except xmlrpclib.Fault, fault:
+            raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
+        except socket.error, (value, msg):
+            raise xmlrpclib.Fault(value, msg)
+
+        return ipautil.unwrap_binary_data(result)
+        

ipa-server/ipa-install/share/bootstrap-template.ldif

@@ -92,11 +92,11 @@ objectClass: nsContainer
 objectClass: top
 cn: profiles
 
-dn: uid=ipa_default, cn=profiles,cn=radius,cn=services,cn=etc,$SUFFIX
+dn: cn=ipa_default, cn=profiles,cn=radius,cn=services,cn=etc,$SUFFIX
 changetype: add
 objectClass: top
 objectClass: radiusprofile
-uid: ipa_default
+cn: ipa_default
 
 dn: cn=admins,cn=groups,cn=accounts,$SUFFIX
 changetype: add

ipa-server/ipaserver/dsinstance.py

@@ -78,7 +78,7 @@ class DsInstance(service.Service):
         self.dm_password = dm_password
         self.__setup_sub_dict()
 
-        self.start_creation(11, "Configuring directory server:")
+        self.start_creation(14, "Configuring directory server:")
         self.__create_ds_user()
         self.__create_instance()
         self.__add_default_schemas()

ipa-server/ipaserver/radiusinstance.py

@@ -122,7 +122,8 @@ class RadiusInstance(service.Service):
                     'RADIUS_USER_BASE_DN'      : self.user_basedn,
                     'ACCESS_ATTRIBUTE'         : '',
                     'ACCESS_ATTRIBUTE_DEFAULT' : 'TRUE',
-                    'CLIENTS_BASEDN'           : 'cn=clients,cn=radius,cn=services,cn=etc,%s' % self.suffix
+                    'CLIENTS_BASEDN'           : 'cn=clients,cn=radius,cn=services,cn=etc,%s' % self.suffix,
+                    'SUFFIX'                   : self.suffix,
                     }
         try:
             radiusd_conf = template_file(RADIUSD_CONF_TEMPLATE_FILEPATH, sub_dict)
@@ -164,10 +165,11 @@ class RadiusInstance(service.Service):
         except Exception, e:
             logging.error("could not chown on %s to %s: %s", IPA_KEYTAB_FILEPATH, RADIUS_USER, e)
 
+    #FIXME, should use IPAdmin method
     def __set_ldap_encrypted_attributes(self):
         ldif_file = 'encrypted_attribute.ldif'
         self.step("setting ldap encrypted attributes")
-        ldif_txt = template_file(SHARE_DIR + ldif_file, {'ENCRYPTED_ATTRIBUTE':'radiusClientSecret')
+        ldif_txt = template_file(SHARE_DIR + ldif_file, {'ENCRYPTED_ATTRIBUTE':'radiusClientSecret'})
         ldif_fd = write_tmp_file(ldif_txt)
         try:
             ldap_mod(ldif_fd, "cn=Directory Manager", self.dm_password)

ipa-server/xmlrpc-server/funcs.py

@@ -456,22 +456,38 @@ class IPAServer:
             self.releaseConnection(conn)
         return res
     
+    def __is_radius_client_unique(self, ip_addr, opts):
+        """Return 1 if the radius client is unique in the tree, 0 otherwise."""
+        ip_addr = self.__safe_filter(ip_addr)
+        basedn = 'cn=clients,cn=radius,cn=services,cn=etc,%s' % self.basedn # FIXME, should not be hardcoded
+
+        filter = "(&(radiusClientNASIpAddress=%s)(objectclass=radiusClientProfile))" % ip_addr
+ 
+        try:
+            entry = self.__get_sub_entry(basedn, filter, ['dn','uid'], opts)
+            return 0
+        except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
+            return 1
+
     def add_radius_client (self, client, opts=None):
+        print "add_radius_client:"
         client_container = 'cn=clients,cn=radius,cn=services,cn=etc' # FIXME, should not be hardcoded
-        if self.__is_client_unique(client['radiusClientNASIpAddress'], opts) == 0:
+        if self.__is_radius_client_unique(client['radiusClientNASIpAddress'], opts) == 0:
             raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE)
 
         dn="radiusClientNASIpAddress=%s,%s,%s" % (ldap.dn.escape_dn_chars(client['radiusClientNASIpAddress']),
                              client_container,self.basedn)
-        entry = ipaserver.ipaldap.Entry(dn)
 
-        # FIXME: This should be dynamic and can include just about anything
+        print "add_radius_client: dn=%s" % (dn)
+
+        entry = ipaserver.ipaldap.Entry(dn)
 
         # some required objectclasses
         entry.setValues('objectClass', 'top', 'radiusClientProfile')
 
         # fill in our new entry with everything sent by the client
         for u in client:
+            print "add_radius_client: attr=%s %s" % (u, client[u])
             entry.setValues(u, client[u])
 
         conn = self.getConnection(opts)

ipa-server/xmlrpc-server/ipaxmlrpc.py

@@ -351,6 +351,7 @@ def handler(req, profiling=False):
             h.register_function(f.delete_group)
             h.register_function(f.attrs_to_labels)
             h.register_function(f.group_members)
+            h.register_function(f.add_radius_client)
             h.handle_request(req)
         finally:
              pass