The default groups we create should have ipaUniqueId set

This adds a new directive to ipa-ldap-updater: addifnew. This will add
a new attribute only if it doesn't exist in the current entry. We can't
compare values because the value we are adding is automatically generated.

ticket 1177
Rob Crittenden 2011-04-14 14:37:45 -04:00 committed by Martin Kosek
parent e3ec1fb7ef
commit fe67680da5
5 changed files with 31 additions and 3 deletions


@ -188,11 +188,13 @@ objectClass: top
objectClass: groupofnames objectClass: groupofnames
objectClass: posixgroup objectClass: posixgroup
objectClass: ipausergroup objectClass: ipausergroup
objectClass: ipaobject
cn: admins cn: admins
description: Account administrators group description: Account administrators group
gidNumber: $IDSTART gidNumber: $IDSTART
member: uid=admin,cn=users,cn=accounts,$SUFFIX member: uid=admin,cn=users,cn=accounts,$SUFFIX
nsAccountLock: False nsAccountLock: False
ipaUniqueID: autogenerate
dn: cn=ipausers,cn=groups,cn=accounts,$SUFFIX dn: cn=ipausers,cn=groups,cn=accounts,$SUFFIX
changetype: add changetype: add
@ -201,9 +203,11 @@ objectClass: groupofnames
objectClass: nestedgroup objectClass: nestedgroup
objectClass: ipausergroup objectClass: ipausergroup
objectClass: posixgroup objectClass: posixgroup
objectClass: ipaobject
gidNumber: eval($IDSTART+1) gidNumber: eval($IDSTART+1)
description: Default group for all users description: Default group for all users
cn: ipausers cn: ipausers
ipaUniqueID: autogenerate
dn: cn=editors,cn=groups,cn=accounts,$SUFFIX dn: cn=editors,cn=groups,cn=accounts,$SUFFIX
changetype: add changetype: add
@ -211,9 +215,11 @@ objectClass: top
objectClass: groupofnames objectClass: groupofnames
objectClass: posixgroup objectClass: posixgroup
objectClass: ipausergroup objectClass: ipausergroup
objectClass: ipaobject
gidNumber: eval($IDSTART+2) gidNumber: eval($IDSTART+2)
description: Limited admins who can edit other users description: Limited admins who can edit other users
cn: editors cn: editors
ipaUniqueID: autogenerate
dn: cn=sshd,cn=hbacservices,cn=hbac,$SUFFIX dn: cn=sshd,cn=hbacservices,cn=hbac,$SUFFIX
changetype: add changetype: add


@ -29,7 +29,7 @@ An update file describes an LDAP entry and a set of operations to be performed o
Blank lines and lines beginning with # are ignored. Blank lines and lines beginning with # are ignored.
There are 4 keywords: There are 7 keywords:
* default: the starting value * default: the starting value
* add: add a value (or values) to an attribute * add: add a value (or values) to an attribute
@ -37,6 +37,7 @@ There are 4 keywords:
* only: set an attribute to this * only: set an attribute to this
* deleteentry: remove the entry * deleteentry: remove the entry
* replace: replace an existing value, format is old: new * replace: replace an existing value, format is old: new
* addifnew: add a new attribute and value only if the attribute doesn't already exist. Only works with single-value attributes.
Values is a comma\-separated field so multi\-values may be added at one time. Double or single quotes may be put around individual values that contain embedded commas. Values is a comma\-separated field so multi\-values may be added at one time. Double or single quotes may be put around individual values that contain embedded commas.


@ -0,0 +1,12 @@
# The groups added in bootstrap-template.ldif didn't include ipaUniqueId
dn: cn=admins,cn=groups,cn=accounts,$SUFFIX
add:objectclass: ipaobject
addifnew:ipaUniqueID: autogenerate
dn: cn=ipausers,cn=groups,cn=accounts,$SUFFIX
add:objectclass: ipaobject
addifnew:ipaUniqueID: autogenerate
dn: cn=editors,cn=groups,cn=accounts,$SUFFIX
add:objectclass: ipaobject
addifnew:ipaUniqueID: autogenerate


@ -13,8 +13,9 @@ app_DATA = \
20-winsync_index.update \ 20-winsync_index.update \
21-replicas_container.update \ 21-replicas_container.update \
40-delegation.update \ 40-delegation.update \
50-lockout-policy.update \
45-roles.update \ 45-roles.update \
50-lockout-policy.update \
50-groupuuid.update \
$(NULL) $(NULL)
EXTRA_DIST = \ EXTRA_DIST = \


@ -249,7 +249,7 @@ class LDAPUpdate:
def parse_update_file(self, data, all_updates, dn_list): def parse_update_file(self, data, all_updates, dn_list):
"""Parse the update file into a dictonary of lists and apply the update """Parse the update file into a dictonary of lists and apply the update
for each DN in the file.""" for each DN in the file."""
valid_keywords = ["default", "add", "remove", "only", "deleteentry", "replace"] valid_keywords = ["default", "add", "remove", "only", "deleteentry", "replace", "addifnew"]
update = {} update = {}
d = "" d = ""
index = "" index = ""
@ -461,6 +461,14 @@ class LDAPUpdate:
e.append(v) e.append(v)
logging.debug('add: updated value %s', e) logging.debug('add: updated value %s', e)
entry.setValues(k, e) entry.setValues(k, e)
elif utype == 'addifnew':
logging.debug("addifnew: '%s' to %s, current value %s", v, k, e)
# Only add the attribute if it doesn't exist. Only works
# with single-value attributes.
if len(e) == 0:
e.append(v)
logging.debug('addifnew: set %s to %s', (k, e))
entry.setValues(k, e)
elif utype == 'only': elif utype == 'only':
logging.debug("only: set %s to '%s', current value %s", k, v, e) logging.debug("only: set %s to '%s', current value %s", k, v, e)
if only.get(k): if only.get(k):
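Review bot: The debug call inside the new `addifnew` branch packs both values into a single tuple, `logging.debug('addifnew: set %s to %s', (k, e))`, so a two-placeholder format string receives one argument and the record fails to format whenever debug logging is enabled (logging prints the formatting error to stderr instead of the message). Pass the arguments separately, as the neighbouring `add` branch does: `logging.debug('addifnew: set %s to %s', k, e)`. Since the `len(e) == 0` guard silently skips the write when the attribute already holds any value, an `else` branch with `logging.debug('addifnew: %s already set, skipping', k)` would make the skipped case visible in the log. The enclosing method and the assignment of `e` lie outside the hunk.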