IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-28 18:01:23 -06:00
Code Issues Packages Projects Releases Wiki Activity
dadfbf9d15
freeipa/ipalib/plugins/range.py
Martin Kosek 34f8ff4793 Add range-mod command 
range plugin was missing range-mod command that could be used for
example to fix a size for a range generated during upgrades. The
range should be updated with a caution though, a misconfiguration
could break trusts.

iparangetype is now also handled better and filled in all commands
instead of just range-show. objectclass attribute is deleted only
when really needed now.
2012-07-13 16:18:29 +02:00

170 lines
5.6 KiB
Python
Raw Blame History

# Authors:
# Sumit Bose <sbose@redhat.com>
#
# Copyright (C) 2012 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from ipalib.plugins.baseldap import *
from ipalib import api, Str, Password, DefaultFrom, _, ngettext, Object
from ipalib.parameters import Enum
from ipalib import Command
from ipalib import errors
from ipapython import ipautil
from ipalib import util
__doc__ = _("""
Manage ID ranges
""")
class range(LDAPObject):
"""
Range object.
"""
range_type = ('domain', 'ad', 'ipa')
container_dn = api.env.container_ranges
object_name = ('range')
object_name_plural = ('ranges')
object_class = ['ipaIDrange']
possible_objectclasses = ['ipadomainidrange', 'ipatrustedaddomainrange']
default_attributes = ['cn', 'ipabaseid', 'ipaidrangesize', 'ipabaserid',
'ipasecondarybaserid', 'ipanttrusteddomainsid',
'iparangetype']
label = _('Ranges')
label_singular = _('Range')
takes_params = (
Str('cn',
cli_name='name',
label=_('Range name'),
primary_key=True,
),
Int('ipabaseid',
cli_name='base_id',
label=_("First Posix ID of the range"),
),
Int('ipaidrangesize',
cli_name='range_size',
label=_("Number of IDs in the range"),
),
Int('ipabaserid',
cli_name='rid_base',
label=_('First RID of the corresponding RID range'),
),
Int('ipasecondarybaserid?',
cli_name='secondary_rid_base',
label=_('First RID of the secondary RID range'),
),
Str('ipanttrusteddomainsid?',
cli_name='dom_sid',
label=_('Domain SID of the trusted domain'),
),
Str('iparangetype?',
label=_('Range type'),
flags=['no_option'],
)
)
def handle_iparangetype(self, entry_attrs, options, keep_objectclass=False):
if not options.get('pkey_only', False):
if 'ipatrustedaddomainrange' in entry_attrs.get('objectclass', []):
entry_attrs['iparangetype'] = [unicode(_('Active Directory domain range'))]
else:
entry_attrs['iparangetype'] = [unicode(_(u'local domain range'))]
if not keep_objectclass:
if not options.get('all', False) or options.get('pkey_only', False):
entry_attrs.pop('objectclass', None)
class range_add(LDAPCreate):
__doc__ = _('Add new ID range.')
msg_summary = _('Added ID range "%(value)s"')
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
if ('ipanttrusteddomainsid' not in options and
'ipasecondarybaserid' not in options):
raise errors.ValidationError(name=_('Range setup'),
error=_('Ranges for local domain ' \
'must have a secondary RID base'))
if 'ipanttrusteddomainsid' in options:
entry_attrs['objectclass'].append('ipatrustedaddomainrange')
else:
entry_attrs['objectclass'].append('ipadomainidrange')
return dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
self.obj.handle_iparangetype(entry_attrs, options, keep_objectclass=True)
return dn
class range_del(LDAPDelete):
__doc__ = _('Delete an ID range.')
msg_summary = _('Deleted ID range "%(value)s"')
class range_find(LDAPSearch):
__doc__ = _('Search for ranges.')
msg_summary = ngettext(
'%(count)d range matched', '%(count)d ranges matched', 0
)
# Since all range types are stored within separate containers under
# 'cn=ranges,cn=etc' search can be done on a one-level scope
def pre_callback(self, ldap, filters, attrs_list, base_dn, scope, *args, **options):
attrs_list.append('objectclass')
return (filters, base_dn, ldap.SCOPE_ONELEVEL)
def post_callback(self, ldap, entries, truncated, *args, **options):
for dn,entry in entries:
self.obj.handle_iparangetype(entry, options)
return truncated
class range_show(LDAPRetrieve):
__doc__ = _('Display information about a range.')
def pre_callback(self, ldap, dn, attrs_list, *keys, **options):
attrs_list.append('objectclass')
return dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
self.obj.handle_iparangetype(entry_attrs, options)
return dn
class range_mod(LDAPUpdate):
__doc__ = _('Modify ID range.')
msg_summary = _('Modified ID range "%(value)s"')
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
attrs_list.append('objectclass')
return dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
self.obj.handle_iparangetype(entry_attrs, options)
return dn
api.register(range)
api.register(range_add)
api.register(range_mod)
api.register(range_del)
api.register(range_find)
api.register(range_show)
Reference in New Issue View Git Blame Copy Permalink