diff options
author | Rob Crittenden <rcritten@redhat.com> | 2010-10-25 22:59:50 -0400 |
---|---|---|
committer | Adam Young <ayoung@redhat.com> | 2010-10-28 14:35:34 -0400 |
commit | 47629a604d7f312ccb32e6b260782cb7c5c70954 (patch) | |
tree | 19063a6b9c003bfd1cdc31e4847ef7beaa5a85b7 | |
parent | de3cc334eddff26a743e537f10055e5d6398ffa5 (diff) | |
download | freeipa-47629a604d7f312ccb32e6b260782cb7c5c70954.tar.gz freeipa-47629a604d7f312ccb32e6b260782cb7c5c70954.tar.xz freeipa-47629a604d7f312ccb32e6b260782cb7c5c70954.zip |
Retrieve Get Effective Rights output with LDAPRetrieve
The output is a pure python dict so is really only useful when used with
--all so it is required.
Updated to return a string for rights as opposed to a list. Terser, reducing the wire size by a factor of 3.5
-rw-r--r-- | ipalib/plugins/baseldap.py | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 78ce8e023..91aa39650 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -426,6 +426,13 @@ class LDAPRetrieve(LDAPQuery): """ has_output = output.standard_entry + takes_options = ( + Flag('rights', + label=_('Rights'), + doc=_('Display the access rights to modify this entry (requires --all)'), + ), + ) + def execute(self, *keys, **options): ldap = self.obj.backend @@ -455,6 +462,17 @@ class LDAPRetrieve(LDAPQuery): except errors.NotFound: self.obj.handle_not_found(*keys) + if options.get('rights', False) and options.get('all', False): + rights = ldap.get_effective_rights(dn, ['*', 'nsaccountlock']) + if 'attributelevelrights' in rights[1]: + rights = rights[1]['attributelevelrights'] + rights = rights[0].split(', ') + rdict = {} + for r in rights: + (k,v) = r.split(':') + rdict[k] = v + entry_attrs['attributelevelrights'] = rdict + for callback in self.POST_CALLBACKS: if hasattr(callback, 'im_self'): dn = callback(ldap, dn, entry_attrs, *keys, **options) |