diff options
| author | Martin Babinsky <mbabinsk@redhat.com> | 2015-08-07 15:44:57 +0200 |
|---|---|---|
| committer | Tomas Babej <tbabej@redhat.com> | 2015-08-12 16:38:27 +0200 |
| commit | 5738cdb1145f6bce7f31a6d29bd39ceadbe62c88 (patch) | |
| tree | ad9df952992eea3c2a5c7b87b5f0b7c9cfcda5a5 | |
| parent | dc0d4f73200065c209eb007a3be3ebd3d3b6dd64 (diff) | |
| download | freeipa-5738cdb1145f6bce7f31a6d29bd39ceadbe62c88.tar.gz freeipa-5738cdb1145f6bce7f31a6d29bd39ceadbe62c88.tar.xz freeipa-5738cdb1145f6bce7f31a6d29bd39ceadbe62c88.zip | |
idranges: raise an error when local IPA ID range is being modified
also show the message about the way UID/GID ranges are managed in FreeIPA in
the idrange-mod's help message
https://fedorahosted.org/freeipa/ticket/4826
Reviewed-By: Tomas Babej <tbabej@redhat.com>
| -rw-r--r-- | ipalib/plugins/idrange.py | 52 |
1 files changed, 29 insertions, 23 deletions
diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py index fb198d79d..2cec05bd8 100644 --- a/ipalib/plugins/idrange.py +++ b/ipalib/plugins/idrange.py @@ -31,6 +31,20 @@ if api.env.in_server and api.env.context in ['lite', 'server']: except ImportError: _dcerpc_bindings_installed = False +ID_RANGE_VS_DNA_WARNING = """======= +WARNING: + +DNA plugin in 389-ds will allocate IDs based on the ranges configured for the +local domain. Currently the DNA plugin *cannot* be reconfigured itself based +on the local ranges set via this family of commands. + +Manual configuration change has to be done in the DNA plugin configuration for +the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix +IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to be +modified to match the new range. +======= +""" + __doc__ = _(""" ID ranges @@ -139,17 +153,8 @@ this domain has the SID S-1-5-21-123-456-789-1010 then 1010 id the RID of the user. RIDs are unique in a domain, 32bit values and are used for users and groups. -WARNING: - -DNA plugin in 389-ds will allocate IDs based on the ranges configured for the -local domain. Currently the DNA plugin *cannot* be reconfigured itself based -on the local ranges set via this family of commands. - -Manual configuration change has to be done in the DNA plugin configuration for -the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix -IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to be -modified to match the new range. -""") +{0} +""".format(ID_RANGE_VS_DNA_WARNING)) register = Registry() @@ -386,17 +391,8 @@ class idrange_add(LDAPCreate): must be given to add a new range for a trusted AD domain. - WARNING: - - DNA plugin in 389-ds will allocate IDs based on the ranges configured for the - local domain. Currently the DNA plugin *cannot* be reconfigured itself based - on the local ranges set via this family of commands. - - Manual configuration change has to be done in the DNA plugin configuration for - the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix - IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to be - modified to match the new range. - """) +{0} +""".format(ID_RANGE_VS_DNA_WARNING)) msg_summary = _('Added ID range "%(value)s"') @@ -670,7 +666,10 @@ class idrange_show(LDAPRetrieve): @register() class idrange_mod(LDAPUpdate): - __doc__ = _('Modify ID range.') + __doc__ = _("""Modify ID range. + +{0} +""".format(ID_RANGE_VS_DNA_WARNING)) msg_summary = _('Modified ID range "%(value)s"') @@ -688,6 +687,13 @@ class idrange_mod(LDAPUpdate): except errors.NotFound: self.obj.handle_not_found(*keys) + if old_attrs['iparangetype'][0] == 'ipa-local': + raise errors.ExecutionError( + message=_('This command can not be used to change ID ' + 'allocation for local IPA domain. Run ' + '`ipa help idrange` for more information') + ) + is_set = lambda x: (x in entry_attrs) and (entry_attrs[x] is not None) in_updated_attrs = lambda x:\ (x in entry_attrs and entry_attrs[x] is not None) or\ |