authorRob Crittenden <rcritten@redhat.com>2007-12-06 00:30:26 -0500
committerRob Crittenden <rcritten@redhat.com>2007-12-06 00:30:26 -0500
commit6ea3d9610e62322b843b22b6acf531dce384305c (patch)
treec1f391a3c1e284abbe3686f245be7af36eb6cbf4
parentca118de76cb036acb31eae41970b962497d18838 (diff)
Utilize user and group objectclass lists in cn=ipaconfig
Change the syntax on user and group objectclasses in cn=ipaconfig
-rw-r--r--ipa-server/ipa-install/share/60ipaconfig.ldif4
-rw-r--r--ipa-server/ipa-install/share/bootstrap-template.ldif12
-rw-r--r--ipa-server/xmlrpc-server/funcs.py26
3 files changed, 36 insertions, 6 deletions
diff --git a/ipa-server/ipa-install/share/60ipaconfig.ldif b/ipa-server/ipa-install/share/60ipaconfig.ldif
index b9371e779..552120991 100644
--- a/ipa-server/ipa-install/share/60ipaconfig.ldif
+++ b/ipa-server/ipa-install/share/60ipaconfig.ldif
@@ -30,9 +30,9 @@ attributetypes: ( 2.16.840.1.113730.3.8.1.9 NAME 'ipaMaxUsernameLength' EQUALITY
## ipaPwdExpAdvNotify - time in days to send out paswword expiration notification before passwpord actually expires
attributetypes: ( 2.16.840.1.113730.3.8.1.10 NAME 'ipaPwdExpAdvNotify' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
# ipaUserObjectClasses - required objectclasses for users
-attributetypes: ( 2.16.840.1.113730.3.8.1.11 NAME 'ipaUserObjectClasses' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27)
+attributetypes: ( 2.16.840.1.113730.3.8.1.11 NAME 'ipaUserObjectClasses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
# ipaGroupObjectClasses - required objectclasses for groups
-attributetypes: ( 2.16.840.1.113730.3.8.1.12 NAME 'ipaGroupObjectClasses' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27)
+attributetypes: ( 2.16.840.1.113730.3.8.1.12 NAME 'ipaGroupObjectClasses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
###############################################
##
## ObjectClasses
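Review bot: Both new definitions drop the EQUALITY clause instead of replacing `integerMatch` with a string rule, so how the server compares values of `ipaUserObjectClasses` and `ipaGroupObjectClasses` is left to its defaults. Object class names are case-insensitive, so adding `EQUALITY caseIgnoreMatch` after the NAME would make duplicate detection and deletion of individual values behave predictably. Confirm what the directory server in use does for an attribute with no equality rule before relying on the default.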
diff --git a/ipa-server/ipa-install/share/bootstrap-template.ldif b/ipa-server/ipa-install/share/bootstrap-template.ldif
index fb124a790..3b79dfb62 100644
--- a/ipa-server/ipa-install/share/bootstrap-template.ldif
+++ b/ipa-server/ipa-install/share/bootstrap-template.ldif
@@ -123,6 +123,18 @@ ipaDefaultLoginShell: /bin/sh
ipaDefaultPrimaryGroup: ipausers
ipaMaxUsernameLength: 8
ipaPwdExpAdvNotify: 4
+ipaGroupObjectClasses: top
+ipaGroupObjectClasses: groupofnames
+ipaGroupObjectClasses: posixGroup
+ipaGroupObjectClasses: inetUser
+ipaUserObjectClasses: top
+ipaUserObjectClasses: person
+ipaUserObjectClasses: organizationalPerson
+ipaUserObjectClasses: inetOrgPerson
+ipaUserObjectClasses: inetUser
+ipaUserObjectClasses: posixAccount
+ipaUserObjectClasses: krbPrincipalAux
+ipaUserObjectClasses: radiusprofile
dn: cn=account inactivation,cn=accounts,$SUFFIX
changetype: add
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index 7be75ddc3..d247878e0 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -506,8 +506,7 @@ class IPAServer:
del user['gn']
# some required objectclasses
- entry.setValues('objectClass', 'top', 'person', 'organizationalPerson',
- 'inetOrgPerson', 'inetUser', 'posixAccount', 'krbPrincipalAux', 'radiusprofile')
+ entry.setValues('objectClass', (config.get('ipauserobjectclasses')))
# fill in our new entry with everything sent by the user
for u in user:
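Review bot: The value passed to `setValues` on the changed line is used unchecked, so an absent or emptied `ipaUserObjectClasses` in cn=ipaconfig yields `None` and the entry is built without the classes the old hard-coded list guaranteed. Installs created before this commit presumably lack the attribute, since the defaults are added only to bootstrap-template.ldif. Read the list into a local first, `classes = config.get('ipauserobjectclasses')`, and raise an ipaerror when `not classes` instead of creating the entry. Whether `setValues` accepts one list where it used to take separate strings is not visible here and should be confirmed. The group hunk at `@@ -878,13 +883,15 @@` has the same gap with `ipagroupobjectclasses`, and both functions start outside their hunks.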
@@ -719,6 +718,12 @@ class IPAServer:
finally:
self.releaseConnection(conn)
+ # Get our configuration
+ config = self.get_ipa_config(opts)
+
+ # Make sure we have the latest object classes
+ newentry['objectclass'] = uniq_list(newentry.get('objectclass') + config.get('ipauserobjectclasses'))
+
try:
rv = self.update_entry(oldentry, newentry, opts)
return rv
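Review bot: The `+` in the added merge line raises TypeError when either `newentry.get('objectclass')` or `config.get('ipauserobjectclasses')` is `None`, and it sits outside the surrounding try blocks, so the caller gets a raw exception. Default both operands: `uniq_list((newentry.get('objectclass') or []) + (config.get('ipauserobjectclasses') or []))`. If a single-valued attribute can come back as a plain string, which this page does not show, it also has to be wrapped in a list or `uniq_list` will iterate its characters. A comment such as `# config classes are appended to every edited user, so a change in cn=ipaconfig reaches existing accounts on their next update` would document the side effect. The enclosing method starts and ends outside the hunk.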
@@ -878,13 +883,15 @@ class IPAServer:
if self.__is_group_unique(group['cn'], opts) == 0:
raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE)
+ # Get our configuration
+ config = self.get_ipa_config(opts)
+
dn="cn=%s,%s,%s" % (ldap.dn.escape_dn_chars(group['cn']),
group_container,self.basedn)
entry = ipaserver.ipaldap.Entry(dn)
# some required objectclasses
- entry.setValues('objectClass', 'top', 'groupofnames', 'posixGroup',
- 'inetUser')
+ entry.setValues('objectClass', (config.get('ipagroupobjectclasses')))
# No need to explicitly set gidNumber. The dna_plugin will do this
# for us if the value isn't provided by the user.
@@ -1226,6 +1233,12 @@ class IPAServer:
finally:
self.releaseConnection(conn)
+ # Get our configuration
+ config = self.get_ipa_config(opts)
+
+ # Make sure we have the latest object classes
+ newentry['objectclass'] = uniq_list(newentry.get('objectclass') + config.get('ipauserobjectclasses'))
+
try:
rv = self.update_entry(oldentry, newentry, opts)
return rv
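Review bot: The merge line added here reads `ipauserobjectclasses`, but its position after the add-group hunk suggests this is the group update path, in which case every edited group would have the user classes (person, posixAccount, krbPrincipalAux and so on) appended. If so, it should read `config.get('ipagroupobjectclasses')`. The missing `None` handling on the two operands of `+` is the same as in the update hunk at `@@ -719,6 +718,12 @@`. The method name is outside the hunk, so confirm which entry type `newentry` holds.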
@@ -1590,3 +1603,8 @@ def ldap_search_escape(match):
return r'\00'
else:
return value
+
+def uniq_list(x):
+ """Return a unique list, preserving order and ignoring case"""
+ set = {}
+ return [set.setdefault(e,e) for e in x if e.lower() not in set]
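Review bot: `uniq_list` tests `e.lower()` against the dict but stores the key in its original case, so any value containing an upper-case letter is never found, and duplicates such as `posixAccount` twice, or `inetUser` next to `inetuser`, pass through. Key on the folded form: `seen = {}` and `return [seen.setdefault(e.lower(), e) for e in x if e.lower() not in seen]`. Renaming the local also stops it shadowing the builtin `set`.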