diff options
author | Rob Crittenden <rcritten@redhat.com> | 2010-10-26 13:56:54 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2010-10-28 17:34:34 -0400 |
commit | c1dfb50ee9be266e3448ad53acd8a6464938c604 (patch) | |
tree | 595769d6959e3340cdcb20f14305568a4d42b8da | |
parent | 4f8e4482b316cc5996986bdfae12cc27be27df5e (diff) | |
download | freeipa-c1dfb50ee9be266e3448ad53acd8a6464938c604.tar.gz freeipa-c1dfb50ee9be266e3448ad53acd8a6464938c604.tar.xz freeipa-c1dfb50ee9be266e3448ad53acd8a6464938c604.zip |
Remove group nesting from the HBAC service groups
ticket 389
-rw-r--r-- | install/share/60basev2.ldif | 2 | ||||
-rw-r--r-- | ipalib/plugins/hbacsvcgroup.py | 12 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_hbacsvcgroup_plugin.py | 2 |
3 files changed, 4 insertions, 12 deletions
diff --git a/install/share/60basev2.ldif b/install/share/60basev2.ldif index 5e97f13b8..7eb346b02 100644 --- a/install/share/60basev2.ldif +++ b/install/share/60basev2.ldif @@ -41,7 +41,7 @@ objectClasses: (1.3.6.1.1.1.2.17 NAME 'automount' DESC 'Automount information' S attributeTypes: (2.16.840.1.113730.3.8.3.17 NAME 'hostCApolicy' DESC 'Policy on how to treat host requests for cert operations.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v2' ) objectClasses: (2.16.840.1.113730.3.8.4.9 NAME 'ipaCAaccess' STRUCTURAL MAY (member $ hostCApolicy) X-ORIGIN 'IPA v2' ) objectClasses: (2.16.840.1.113730.3.8.4.10 NAME 'ipaHBACService' STRUCTURAL MUST ( cn ) MAY ( description $ memberOf ) X-ORIGIN 'IPA v2' ) -objectClasses: (2.16.840.1.113730.3.8.4.11 NAME 'ipaHBACServiceGroup' DESC 'IPA HBAC service group object class' SUP nestedGroup STRUCTURAL X-ORIGIN 'IPA v2' ) +objectClasses: (2.16.840.1.113730.3.8.4.11 NAME 'ipaHBACServiceGroup' DESC 'IPA HBAC service group object class' SUP groupOfNames STRUCTURAL X-ORIGIN 'IPA v2' ) attributeTypes: (1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' DESC 'An integer denoting time to live' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributeTypes: (1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' DESC 'The class of a resource record' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: (1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' DESC 'domain name pointer, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) diff --git a/ipalib/plugins/hbacsvcgroup.py b/ipalib/plugins/hbacsvcgroup.py index 682a6c4e6..3bbf660ee 100644 --- a/ipalib/plugins/hbacsvcgroup.py +++ b/ipalib/plugins/hbacsvcgroup.py @@ -20,8 +20,7 @@ HBAC Service Groups HBAC service groups can contain any number of individual services, -or "members", and can also contain other service groups. Every group must -have a description. +or "members". Every group must have a description. EXAMPLES: @@ -37,7 +36,6 @@ EXAMPLES: Add a new group to the "login" group: ipa hbacsvcgroup-add --desc="switch users" suers ipa hbacsvcgroup-add-member --hbacsvcs=su,su-l suers - ipa hbacsvsgroup-add-member --hbacsvsgroups=suers login Delete an HBAC services group: ipa hbacsvcgroup-del login @@ -56,14 +54,10 @@ class hbacsvcgroup(LDAPObject): object_name = 'hbacsvcgroup' object_name_plural = 'hbacsvcgroups' object_class = ['ipaobject', 'ipahbacservicegroup'] - default_attributes = [ 'cn', 'description', 'member', 'memberof', - 'memberindirect', - ] + default_attributes = [ 'cn', 'description', 'member' ] uuid_attribute = 'ipauniqueid' attribute_members = { - 'member': ['hbacsvc', 'hbacsvcgroup'], - 'memberof': ['hbacsvcgroup'], - 'memberindirect': ['hbacsvc', 'hbacsvcgroup'], + 'member': ['hbacsvc'], } label = _('HBAC Service Groups') diff --git a/tests/test_xmlrpc/test_hbacsvcgroup_plugin.py b/tests/test_xmlrpc/test_hbacsvcgroup_plugin.py index da347f22d..c44779f27 100644 --- a/tests/test_xmlrpc/test_hbacsvcgroup_plugin.py +++ b/tests/test_xmlrpc/test_hbacsvcgroup_plugin.py @@ -123,7 +123,6 @@ class test_hbacsvcgroup(Declarative): failed=dict( member=dict( hbacsvc=tuple(), - hbacsvcgroup=tuple(), ), ), result={ @@ -213,7 +212,6 @@ class test_hbacsvcgroup(Declarative): failed=dict( member=dict( hbacsvc=tuple(), - hbacsvcgroup=tuple(), ), ), completed=1, |