authorKevin McCarthy <kmccarth@redhat.com>2007-09-26 15:47:34 -0700
committerKevin McCarthy <kmccarth@redhat.com>2007-09-26 15:47:34 -0700
commit1725397a53ad133001b3c558904302cc91832b77 (patch)
tree3296835c9e8e5e105bd2b6309003f38b50f48921
parentf8eda3da3e4cf7053947d365219e82fa7079b9cf (diff)
Adds methods to manipulate groups by dns.
Renamed some of the user_group parameters to be self-evident. Binary wrapping isn't necessary on strings, so removed from xmlrpc calls.
-rw-r--r--ipa-python/ipaclient.py60
-rw-r--r--ipa-python/rpcclient.py96
-rw-r--r--ipa-server/ipaserver/ipaldap.py2
-rw-r--r--ipa-server/xmlrpc-server/funcs.py136
-rw-r--r--ipa-server/xmlrpc-server/ipaxmlrpc.py4
5 files changed, 214 insertions, 84 deletions
diff --git a/ipa-python/ipaclient.py b/ipa-python/ipaclient.py
index 3093fa976..97792fdd1 100644
--- a/ipa-python/ipaclient.py
+++ b/ipa-python/ipaclient.py
@@ -205,41 +205,65 @@ class IPAClient:
return groups
- def add_user_to_group(self, user, group):
+ def add_member_to_group(self, member_dn, group_cn):
+ """Add a member to an existing group.
+ """
+
+ return self.transport.add_member_to_group(member_dn, group_cn)
+
+ def add_members_to_group(self, member_dns, group_cn):
+ """Add several members to an existing group.
+ member_dns is a list of dns to add
+
+ Returns a list of the dns that were not added.
+ """
+
+ return self.transport.add_members_to_group(member_dns, group_cn)
+
+ def remove_member_from_group(self, member_dn, group_cn):
+ """Remove a member from an existing group.
+ """
+
+ return self.transport.remove_member_from_group(member_dn, group_cn)
+
+ def remove_members_from_group(self, member_dns, group_cn):
+ """Remove several members from an existing group.
+ member_dns is a list of dns to remove
+
+ Returns a list of the dns that were not removed.
+ """
+
+ return self.transport.remove_members_from_group(member_dns, group_cn)
+
+ def add_user_to_group(self, user_uid, group_cn):
"""Add a user to an existing group.
- user is a uid of the user to add
- group is the cn of the group to be added to
"""
- return self.transport.add_user_to_group(user, group)
+ return self.transport.add_user_to_group(user_uid, group_cn)
- def add_users_to_group(self, users, group):
+ def add_users_to_group(self, user_uids, group_cn):
"""Add several users to an existing group.
- user is a list of uids of the users to add
- group is the cn of the group to be added to
+ user_uids is a list of uids of the users to add
- Returns a list of the users that were not added.
+ Returns a list of the user uids that were not added.
"""
- return self.transport.add_users_to_group(users, group)
+ return self.transport.add_users_to_group(user_uids, group_cn)
- def remove_user_from_group(self, user, group):
+ def remove_user_from_group(self, user_uid, group_cn):
"""Remove a user from an existing group.
- user is a uid of the user to remove
- group is the cn of the group to be removed from
"""
- return self.transport.remove_user_from_group(user, group)
+ return self.transport.remove_user_from_group(user_uid, group_cn)
- def remove_users_from_group(self, users, group):
+ def remove_users_from_group(self, user_uids, group_cn):
"""Remove several users from an existing group.
- user is a list of uids of the users to remove
- group is the cn of the group to be removed from
+ user_uids is a list of uids of the users to remove
- Returns a list of the users that were not removed.
+ Returns a list of the user uids that were not removed.
"""
- return self.transport.remove_users_from_group(users, group)
+ return self.transport.remove_users_from_group(user_uids, group_cn)
def update_group(self,group):
"""Update a group entry."""
diff --git a/ipa-python/rpcclient.py b/ipa-python/rpcclient.py
index 9d9990448..f292098ac 100644
--- a/ipa-python/rpcclient.py
+++ b/ipa-python/rpcclient.py
@@ -326,49 +326,98 @@ class RPCClient:
return ipautil.unwrap_binary_data(result)
- def add_user_to_group(self, user, group):
+ def add_member_to_group(self, member_dn, group_cn):
+ """Add a new member to an existing group.
+ """
+ server = self.setup_server()
+ try:
+ result = server.add_member_to_group(member_dn, group_cn)
+ except xmlrpclib.Fault, fault:
+ raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
+ except socket.error, (value, msg):
+ raise xmlrpclib.Fault(value, msg)
+
+ return ipautil.unwrap_binary_data(result)
+
+ def add_members_to_group(self, member_dns, group_cn):
+ """Add several members to an existing group.
+ member_dns is a list of the dns to add
+
+ Returns a list of the dns that were not added.
+ """
+ server = self.setup_server()
+ try:
+ result = server.add_members_to_group(member_dns, group_cn)
+ except xmlrpclib.Fault, fault:
+ raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
+ except socket.error, (value, msg):
+ raise xmlrpclib.Fault(value, msg)
+
+ return ipautil.unwrap_binary_data(result)
+
+ def remove_member_from_group(self, member_dn, group_cn):
+ """Remove a member from an existing group.
+ """
+ server = self.setup_server()
+ try:
+ result = server.remove_member_from_group(member_dn, group_cn)
+ except xmlrpclib.Fault, fault:
+ raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
+ except socket.error, (value, msg):
+ raise xmlrpclib.Fault(value, msg)
+
+ return ipautil.unwrap_binary_data(result)
+
+ def remove_members_from_group(self, member_dns, group_cn):
+ """Remove several members from an existing group.
+
+ Returns a list of the dns that were not removed.
+ """
+ server = self.setup_server()
+ try:
+ result = server.remove_members_from_group(member_dns, group_cn)
+ except xmlrpclib.Fault, fault:
+ raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
+ except socket.error, (value, msg):
+ raise xmlrpclib.Fault(value, msg)
+
+ return ipautil.unwrap_binary_data(result)
+
+ def add_user_to_group(self, user_uid, group_cn):
"""Add a user to an existing group.
- user is a uid of the user to add
- group is the cn of the group to be added to
"""
server = self.setup_server()
try:
- result = server.add_user_to_group(ipautil.wrap_binary_data(user),
- ipautil.wrap_binary_data(group))
+ result = server.add_user_to_group(user_uid, group_cn)
except xmlrpclib.Fault, fault:
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
except socket.error, (value, msg):
raise xmlrpclib.Fault(value, msg)
-
+
return ipautil.unwrap_binary_data(result)
- def add_users_to_group(self, users, group):
+ def add_users_to_group(self, user_uids, group_cn):
"""Add several users to an existing group.
- user is a list of the uids of the users to add
- group is the cn of the group to be added to
+ user_uids is a list of the uids of the users to add
- Returns a list of the users that were not added.
+ Returns a list of the user uids that were not added.
"""
server = self.setup_server()
try:
- result = server.add_users_to_group(ipautil.wrap_binary_data(users),
- ipautil.wrap_binary_data(group))
+ result = server.add_users_to_group(user_uids, group_cn)
except xmlrpclib.Fault, fault:
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
except socket.error, (value, msg):
raise xmlrpclib.Fault(value, msg)
-
+
return ipautil.unwrap_binary_data(result)
- def remove_user_from_group(self, user, group):
+ def remove_user_from_group(self, user_uid, group_cn):
"""Remove a user from an existing group.
- user is a uid of the user to remove
- group is the cn of the group to be removed from
"""
server = self.setup_server()
try:
- result = server.remove_user_from_group(ipautil.wrap_binary_data(user),
- ipautil.wrap_binary_data(group))
+ result = server.remove_user_from_group(user_uid, group_cn)
except xmlrpclib.Fault, fault:
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
except socket.error, (value, msg):
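Review bot: The four new methods copy the handler `except socket.error, (value, msg):`, which unpacks the exception into exactly two values. socket.error can also carry a single string, and then the unpacking itself fails, so the caller sees an unrelated error instead of a Fault. Catching it as `except socket.error, e:` and building the Fault from `e.args` would cover both shapes. The same try/except now appears eight times in this class, so a private helper taking the remote method name and its arguments would keep the handling in one place. remove_user_from_group continues past the end of this hunk.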
@@ -376,18 +425,15 @@ class RPCClient:
return ipautil.unwrap_binary_data(result)
- def remove_users_from_group(self, users, group):
+ def remove_users_from_group(self, user_uids, group_cn):
"""Remove several users from an existing group.
- user is a list of the uids of the users to remove
- group is the cn of the group to be removed from
+ user_uids is a list of the uids of the users to remove
- Returns a list of the users that were not removed.
+ Returns a list of the user uids that were not removed.
"""
server = self.setup_server()
try:
- result = server.remove_users_from_group(
- ipautil.wrap_binary_data(users),
- ipautil.wrap_binary_data(group))
+ result = server.remove_users_from_group(user_uids, group_cn)
except xmlrpclib.Fault, fault:
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
except socket.error, (value, msg):
diff --git a/ipa-server/ipaserver/ipaldap.py b/ipa-server/ipaserver/ipaldap.py
index ffbb2168d..3dcb836d3 100644
--- a/ipa-server/ipaserver/ipaldap.py
+++ b/ipa-server/ipaserver/ipaldap.py
@@ -215,7 +215,7 @@ class IPAdmin(SimpleLDAPObject):
out this way so that we can call them from places other than
instance creation e.g. when we just need to reconnect, not create a
new instance"""
- if debug.lower() == "on":
+ if debug and debug.lower() == "on":
ldap.set_option(ldap.OPT_DEBUG_LEVEL,255)
if cacert is not None:
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,cacert)
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index d226ac863..604839e4c 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -66,6 +66,8 @@ class IPAConnPool:
return conn
def releaseConn(self, conn):
+ if conn is None:
+ return
# We can't re-use SASL connections. If proxydn is None it means
# we have a Kerberos credentails cache set. See ipaldap.set_krbccache
if conn.proxydn is None:
@@ -716,27 +718,24 @@ class IPAServer:
return groups
- def add_user_to_group(self, user, group, opts=None):
- """Add a user to an existing group.
- user is a uid of the user to add
- group is the cn of the group to be added to
+ def add_member_to_group(self, member_dn, group_cn, opts=None):
+ """Add a member to an existing group.
"""
- old_group = self.get_group_by_cn(group, None, opts)
+ old_group = self.get_group_by_cn(group_cn, None, opts)
if old_group is None:
raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
new_group = copy.deepcopy(old_group)
- user_dn = self.get_user_by_uid(user, ['dn', 'uid', 'objectclass'], opts)
- if user_dn is None:
- raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
+ # check to make sure member_dn exists
+ member_entry = self.__get_entry(member_dn, "(objectClass=*)", ['dn','uid'], opts)
if new_group.get('uniquemember') is not None:
if ((isinstance(new_group.get('uniquemember'), str)) or (isinstance(new_group.get('uniquemember'), unicode))):
new_group['uniquemember'] = [new_group['uniquemember']]
- new_group['uniquemember'].append(user_dn['dn'])
+ new_group['uniquemember'].append(member_dn)
else:
- new_group['uniquemember'] = user_dn['dn']
+ new_group['uniquemember'] = member_dn
try:
ret = self.__update_entry(old_group, new_group, opts)
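Review bot: `member_entry` is assigned but never read, so the "check to make sure member_dn exists" only works if `__get_entry` raises when the DN is absent, which is not visible here. If it can return None, add `if member_entry is None: raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)`; if it raises, drop the assignment and say so in the comment. The `(objectClass=*)` filter also accepts any entry type, and member_dn now comes directly from the XML-RPC caller, so the docstring should state which entries are valid members. The function body continues outside the hunk.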
@@ -744,50 +743,44 @@ class IPAServer:
raise
return ret
- def add_users_to_group(self, users, group, opts=None):
- """Given a list of user uid's add them to the group cn denoted by group
- Returns a list of the users were not added to the group.
+ def add_members_to_group(self, member_dns, group_cn, opts=None):
+ """Given a list of dn's, add them to the group cn denoted by group
+ Returns a list of the member_dns that were not added to the group.
"""
failed = []
- if (isinstance(users, str)):
- users = [users]
+ if (isinstance(member_dns, str)):
+ member_dns = [member_dns]
- for user in users:
+ for member_dn in member_dns:
try:
- self.add_user_to_group(user, group, opts)
+ self.add_member_to_group(member_dn, group_cn, opts)
except ipaerror.exception_for(ipaerror.LDAP_EMPTY_MODLIST):
# User is already in the group
- failed.append(user)
+ failed.append(member_dn)
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
# User or the group does not exist
- failed.append(user)
+ failed.append(member_dn)
return failed
- def remove_user_from_group(self, user, group, opts=None):
- """Remove a user from an existing group.
- user is a uid of the user to remove
- group is the cn of the group to be removed from
+ def remove_member_from_group(self, member_dn, group_cn, opts=None):
+ """Remove a member_dn from an existing group.
"""
- old_group = self.get_group_by_cn(group, None, opts)
+ old_group = self.get_group_by_cn(group_cn, None, opts)
if old_group is None:
raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
new_group = copy.deepcopy(old_group)
- user_dn = self.get_user_by_uid(user, ['dn', 'uid', 'objectclass'], opts)
- if user_dn is None:
- raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
-
if new_group.get('uniquemember') is not None:
if ((isinstance(new_group.get('uniquemember'), str)) or (isinstance(new_group.get('uniquemember'), unicode))):
new_group['uniquemember'] = [new_group['uniquemember']]
try:
- new_group['uniquemember'].remove(user_dn['dn'])
+ new_group['uniquemember'].remove(member_dn)
except ValueError:
- # User is not in the group
+ # member is not in the group
# FIXME: raise more specific error?
raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
else:
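Review bot: `isinstance(member_dns, str)` in add_members_to_group misses unicode, although the uniquemember check in the same file handles both str and unicode. A single DN arriving as a unicode object would be iterated character by character and each character reported as failed; `if isinstance(member_dns, basestring):` covers both types. The same test is repeated in remove_members_from_group, add_users_to_group and remove_users_from_group in the next hunk. The comments `# User is already in the group` and `# User or the group does not exist` are left over from the uid version and should say "member". remove_member_from_group continues outside the hunk.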
@@ -801,26 +794,89 @@ class IPAServer:
raise
return ret
- def remove_users_from_group(self, users, group, opts=None):
- """Given a list of user uid's remove them from the group cn denoted
- by group
- Returns a list of the users were not removed from the group.
+ def remove_members_from_group(self, member_dns, group_cn, opts=None):
+ """Given a list of member dn's remove them from the group.
+ Returns a list of the members not removed from the group.
+ """
+
+ failed = []
+
+ if (isinstance(member_dns, str)):
+ member_dns = [member_dns]
+
+ for member_dn in member_dns:
+ try:
+ self.remove_member_from_group(member_dn, group_cn, opts)
+ except ipaerror.exception_for(ipaerror.LDAP_EMPTY_MODLIST):
+ # member is not in the group
+ failed.append(member_dn)
+ except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
+ # member_dn or the group does not exist
+ failed.append(member_dn)
+
+ return failed
+
+ def add_user_to_group(self, user_uid, group_cn, opts=None):
+ """Add a user to an existing group.
+ """
+
+ user = self.get_user_by_uid(user_uid, ['dn', 'uid', 'objectclass'], opts)
+ if user is None:
+ raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
+
+ return self.add_member_to_group(user['dn'], group_cn, opts)
+
+ def add_users_to_group(self, user_uids, group_cn, opts=None):
+ """Given a list of user uid's add them to the group cn denoted by group
+ Returns a list of the users were not added to the group.
+ """
+
+ failed = []
+
+ if (isinstance(user_uids, str)):
+ user_uids = [user_uids]
+
+ for user_uid in user_uids:
+ try:
+ self.add_user_to_group(user_uid, group_cn, opts)
+ except ipaerror.exception_for(ipaerror.LDAP_EMPTY_MODLIST):
+ # User is already in the group
+ failed.append(user_uid)
+ except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
+ # User or the group does not exist
+ failed.append(user_uid)
+
+ return failed
+
+ def remove_user_from_group(self, user_uid, group_cn, opts=None):
+ """Remove a user from an existing group.
+ """
+
+ user = self.get_user_by_uid(user_uid, ['dn', 'uid', 'objectclass'], opts)
+ if user is None:
+ raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
+
+ return self.remove_member_from_group(user['dn'], group_cn, opts)
+
+ def remove_users_from_group(self, user_uids, group_cn, opts=None):
+ """Given a list of user uid's remove them from the group
+ Returns a list of the user uids not removed from the group.
"""
failed = []
- if (isinstance(users, str)):
- users = [users]
+ if (isinstance(user_uids, str)):
+ user_uids = [user_uids]
- for user in users:
+ for user_uid in user_uids:
try:
- self.remove_user_from_group(user, group, opts)
+ self.remove_user_from_group(user_uid, group_cn, opts)
except ipaerror.exception_for(ipaerror.LDAP_EMPTY_MODLIST):
# User is not in the group
- failed.append(user)
+ failed.append(user_uid)
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
# User or the group does not exist
- failed.append(user)
+ failed.append(user_uid)
return failed
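Review bot: The docstrings of the batch methods in this hunk do not say that members are processed one at a time and that the batch is not atomic. Only LDAP_EMPTY_MODLIST and LDAP_NOT_FOUND are collected into `failed`; any other exception leaves the loop after earlier members were already changed, and the caller gets no list of what was applied. I would add to each docstring a line such as `Members are processed one at a time; any other error aborts the batch with earlier changes already applied.` The sentence "Returns a list of the users were not added to the group." in add_users_to_group is also missing "that".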
diff --git a/ipa-server/xmlrpc-server/ipaxmlrpc.py b/ipa-server/xmlrpc-server/ipaxmlrpc.py
index 9314bd5cf..f8395dccd 100644
--- a/ipa-server/xmlrpc-server/ipaxmlrpc.py
+++ b/ipa-server/xmlrpc-server/ipaxmlrpc.py
@@ -330,6 +330,10 @@ def handler(req, profiling=False):
h.register_function(f.get_groups_by_member)
h.register_function(f.add_group)
h.register_function(f.find_groups)
+ h.register_function(f.add_member_to_group)
+ h.register_function(f.add_members_to_group)
+ h.register_function(f.remove_member_from_group)
+ h.register_function(f.remove_members_from_group)
h.register_function(f.add_user_to_group)
h.register_function(f.add_users_to_group)
h.register_function(f.add_group_to_group)
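Review bot: The four newly registered functions take a raw DN from the client, and nothing in this hunk shows an authorization check, so access control presumably rests on the directory ACIs applied to the caller's LDAP connection. A comment above the block, such as `# DN-based group calls: authorization is enforced by the LDAP server, not here`, would record that assumption once it is confirmed against the rest of handler(). handler() starts and ends outside the hunk.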