mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-05 13:45:03 -06:00
58746226d4
The attributes displayed is now dependant upon their definition in a Param. This enhances that, giving some level of control over how the result is displayed to the user. This also fixes displaying group membership, including failures of adding/removing entries. All tests pass now though there is still one problem. We need to return the dn as well. Once that is fixed we just need to comment out all the dn entries in the tests and they should once again pass.
284 lines
7.9 KiB
Python
284 lines
7.9 KiB
Python
# Authors:
|
|
# Jason Gerard DeRose <jderose@redhat.com>
|
|
# Pavel Zuna <pzuna@redhat.com>
|
|
#
|
|
# Copyright (C) 2008 Red Hat
|
|
# see file 'COPYING' for use and warranty information
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU General Public License as
|
|
# published by the Free Software Foundation; version 2 only
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program; if not, write to the Free Software
|
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
"""
|
|
Users (Identity)
|
|
"""
|
|
|
|
from ipalib import api, errors
|
|
from ipalib import Flag, Int, Password, Str
|
|
from ipalib.plugins.baseldap import *
|
|
from ipalib import _, ngettext
|
|
|
|
|
|
class user(LDAPObject):
|
|
"""
|
|
User object.
|
|
"""
|
|
container_dn = api.env.container_user
|
|
object_name = 'user'
|
|
object_name_plural = 'users'
|
|
object_class = ['posixaccount']
|
|
object_class_config = 'ipauserobjectclasses'
|
|
default_attributes = [
|
|
'uid', 'givenname', 'sn', 'homedirectory', 'loginshell', 'ou',
|
|
'telephonenumber', 'title', 'memberof',
|
|
]
|
|
uuid_attribute = 'ipauniqueid'
|
|
attribute_names = {
|
|
'uid': 'user id',
|
|
'cn': 'full name',
|
|
'givenname': 'first name',
|
|
'sn': 'last name',
|
|
'homedirectory': 'home directory',
|
|
'loginshell': 'login shell',
|
|
'krbprincipalname': 'kerberos principal',
|
|
'krblastpwdchange': 'last password change',
|
|
'krbpasswordexpiration': 'password expiration',
|
|
'uidnumber': 'uid number',
|
|
'gidnumber': 'gid number',
|
|
'memberof_group': 'member of groups',
|
|
'memberof_netgroup': 'member of netgroups',
|
|
'memberof_rolegroup': 'member of rolegroups',
|
|
'memberof_taskgroup': 'member of taskgroups',
|
|
'ipauniqueid': 'unique identifier'
|
|
}
|
|
attribute_order = [
|
|
'uid', 'cn', 'givenname', 'sn', 'title', 'telephonenumber', 'ou',
|
|
'homedirectory', 'loginshell', 'uidnumber', 'gidnumber', 'gecos',
|
|
'krbprincipalname', 'krblastpwdchange', 'krbpasswordexpiration',
|
|
]
|
|
attribute_members = {
|
|
'memberof': ['group', 'netgroup', 'rolegroup', 'taskgroup'],
|
|
}
|
|
|
|
label = _('Users')
|
|
|
|
takes_params = (
|
|
Str('uid',
|
|
cli_name='login',
|
|
label='User login',
|
|
primary_key=True,
|
|
default_from=lambda givenname, sn: givenname[0] + sn,
|
|
normalizer=lambda value: value.lower(),
|
|
),
|
|
Str('givenname',
|
|
cli_name='first',
|
|
label='First name',
|
|
),
|
|
Str('sn',
|
|
cli_name='last',
|
|
label='Last name',
|
|
),
|
|
Str('homedirectory?',
|
|
cli_name='homedir',
|
|
label='Home directory',
|
|
default_from=lambda uid: '/home/%s' % uid,
|
|
),
|
|
Str('gecos?',
|
|
label='GECOS field',
|
|
default_from=lambda uid: uid,
|
|
autofill=True,
|
|
),
|
|
Str('loginshell?',
|
|
cli_name='shell',
|
|
label='Login shell',
|
|
default=u'/bin/sh',
|
|
),
|
|
Str('krbprincipalname?',
|
|
cli_name='principal',
|
|
label='Kerberos principal',
|
|
default_from=lambda uid: '%s@%s' % (uid, api.env.realm),
|
|
autofill=True,
|
|
),
|
|
Str('mail?',
|
|
cli_name='email',
|
|
label='Email address',
|
|
),
|
|
Password('userpassword?',
|
|
cli_name='password',
|
|
label='Password',
|
|
doc='Set the user password',
|
|
# FIXME: This is temporary till bug is fixed causing updates to
|
|
# bomb out via the webUI.
|
|
exclude='webui',
|
|
),
|
|
Int('uidnumber?',
|
|
cli_name='uid',
|
|
label='UID',
|
|
doc='UID (use this option to set it manually)',
|
|
),
|
|
Str('street?',
|
|
cli_name='street',
|
|
label='Street address',
|
|
),
|
|
Str('memberof_group?',
|
|
label='Groups',
|
|
flags=['no_create', 'no_update', 'no_search'],
|
|
),
|
|
)
|
|
|
|
api.register(user)
|
|
|
|
|
|
class user_add(LDAPCreate):
|
|
"""
|
|
Create new user.
|
|
"""
|
|
|
|
msg_summary = _('Added user "%(value)s"')
|
|
|
|
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
|
|
config = ldap.get_ipa_config()[1]
|
|
entry_attrs.setdefault('loginshell', config.get('ipadefaultloginshell'))
|
|
# hack so we can request separate first and last name in CLI
|
|
full_name = '%s %s' % (entry_attrs['givenname'], entry_attrs['sn'])
|
|
entry_attrs.setdefault('cn', full_name)
|
|
if 'homedirectory' not in entry_attrs:
|
|
# get home's root directory from config
|
|
homes_root = config.get('ipahomesrootdir', '/home')[0]
|
|
# build user's home directory based on his uid
|
|
home_dir = '%s/%s' % (homes_root, keys[-1])
|
|
home_dir = home_dir.replace('//', '/').rstrip('/')
|
|
entry_attrs['homedirectory'] = home_dir
|
|
|
|
# we're adding new users to a default group, get its gidNumber
|
|
# get default group name from config
|
|
def_primary_group = config.get('ipadefaultprimarygroup')
|
|
group_dn = self.api.Object['group'].get_dn(def_primary_group)
|
|
try:
|
|
(group_dn, group_attrs) = ldap.get_entry(group_dn, ['gidnumber'])
|
|
except errors.NotFound:
|
|
error_msg = 'Default group for new users not found.'
|
|
raise errors.NotFound(reason=error_msg)
|
|
entry_attrs['gidnumber'] = group_attrs['gidnumber']
|
|
|
|
return dn
|
|
|
|
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
|
|
config = ldap.get_ipa_config()[1]
|
|
# add the user we just created into the default primary group
|
|
def_primary_group = config.get('ipadefaultprimarygroup')
|
|
group_dn = self.api.Object['group'].get_dn(def_primary_group)
|
|
ldap.add_entry_to_group(dn, group_dn)
|
|
return dn
|
|
|
|
api.register(user_add)
|
|
|
|
|
|
class user_del(LDAPDelete):
|
|
"""
|
|
Delete user.
|
|
"""
|
|
|
|
msg_summary = _('Deleted user "%(value)s"')
|
|
|
|
def pre_callback(self, ldap, dn, *keys, **options):
|
|
if keys[-1] == 'admin':
|
|
raise errors.ExecutionError('Cannot delete user "admin".')
|
|
return dn
|
|
|
|
def post_callback(self, ldap, dn, *keys, **options):
|
|
self.log.info('IPA: %s "%s"' % (self.name, keys[-1]))
|
|
return True
|
|
|
|
api.register(user_del)
|
|
|
|
|
|
class user_mod(LDAPUpdate):
|
|
"""
|
|
Modify user.
|
|
"""
|
|
|
|
msg_summary = _('Modified user "%(value)s"')
|
|
|
|
api.register(user_mod)
|
|
|
|
|
|
class user_find(LDAPSearch):
|
|
"""
|
|
Search for users.
|
|
"""
|
|
|
|
msg_summary = ngettext(
|
|
'%(count)d user matched', '%(count)d users matched', 0
|
|
)
|
|
|
|
api.register(user_find)
|
|
|
|
|
|
class user_show(LDAPRetrieve):
|
|
"""
|
|
Display user.
|
|
"""
|
|
|
|
api.register(user_show)
|
|
|
|
|
|
class user_lock(LDAPQuery):
|
|
"""
|
|
Lock user account.
|
|
"""
|
|
|
|
has_output = output.standard_value
|
|
msg_summary = _('Locked user "%(value)s"')
|
|
|
|
def execute(self, *keys, **options):
|
|
ldap = self.obj.backend
|
|
|
|
dn = self.obj.get_dn(*keys, **options)
|
|
|
|
try:
|
|
ldap.deactivate_entry(dn)
|
|
except errors.AlreadyInactive:
|
|
pass
|
|
|
|
return dict(
|
|
result=True,
|
|
value=keys[0],
|
|
)
|
|
|
|
api.register(user_lock)
|
|
|
|
|
|
class user_unlock(LDAPQuery):
|
|
"""
|
|
Unlock user account.
|
|
"""
|
|
|
|
has_output = output.standard_value
|
|
msg_summary = _('Unlocked user "%(value)s"')
|
|
|
|
def execute(self, *keys, **options):
|
|
ldap = self.obj.backend
|
|
|
|
dn = self.obj.get_dn(*keys, **options)
|
|
|
|
try:
|
|
ldap.activate_entry(dn)
|
|
except errors.AlreadyActive:
|
|
pass
|
|
|
|
return dict(
|
|
result=True,
|
|
value=keys[0],
|
|
)
|
|
|
|
api.register(user_unlock)
|