authorSimo Sorce <ssorce@redhat.com>2007-12-11 11:00:24 -0500
committerSimo Sorce <ssorce@redhat.com>2007-12-11 11:00:24 -0500
commit75493763f665970858b26dd06cdf36985fe61940 (patch)
tree557b19af3dc59c8bcadfa57ca23bfa1dd43505a6
parent06140245660d4d68a155796418e80867ce853be4 (diff)
parentca8e71d9381fb61368e5666c4d560ae9417fdf97 (diff)
iMerge with upstream
-rw-r--r--ipa-admintools/ipa-addgroup16
-rw-r--r--ipa-admintools/ipa-adduser34
-rw-r--r--ipa-admintools/ipa-deldelegation4
-rw-r--r--ipa-admintools/ipa-findgroup2
-rw-r--r--ipa-admintools/ipa-finduser2
-rw-r--r--ipa-admintools/ipa-usermod30
-rw-r--r--ipa-python/ipavalidate.py28
-rw-r--r--ipa-python/test/test_ipavalidate.py71
-rw-r--r--ipa-server/ipa-gui/ipagui/forms/Makefile.am1
-rw-r--r--ipa-server/ipa-gui/ipagui/forms/ipapolicy.py12
-rw-r--r--ipa-server/ipa-gui/ipagui/static/css/style.css4
-rw-r--r--ipa-server/ipa-gui/ipagui/subcontrollers/Makefile.am1
-rw-r--r--ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py2
-rw-r--r--ipa-server/ipa-gui/ipagui/subcontrollers/ipapolicy.py3
-rw-r--r--ipa-server/ipa-gui/ipagui/subcontrollers/user.py14
-rw-r--r--ipa-server/ipa-gui/ipagui/templates/Makefile.am4
-rw-r--r--ipa-server/ipa-gui/ipagui/templates/ipapolicyeditform.kid10
-rw-r--r--ipa-server/ipa-gui/ipagui/templates/ipapolicyshow.kid6
-rw-r--r--ipa-server/ipa-install/share/60ipaconfig.ldif3
-rw-r--r--ipa-server/ipa-install/share/bootstrap-template.ldif1
-rw-r--r--ipa-server/ipa-install/share/default-aci.ldif1
-rw-r--r--ipa-server/ipaserver/dsinstance.py4
-rw-r--r--ipa-server/xmlrpc-server/funcs.py2
23 files changed, 159 insertions, 96 deletions
diff --git a/ipa-admintools/ipa-addgroup b/ipa-admintools/ipa-addgroup
index 15d42a91e..8169dea12 100644
--- a/ipa-admintools/ipa-addgroup
+++ b/ipa-admintools/ipa-addgroup
@@ -62,28 +62,28 @@ def main():
if (len(args) != 2):
while (cont != True):
cn = raw_input("Group name: ")
- if (ipavalidate.plain(cn, notEmpty=True)):
- print "Field is required and must be letters or '."
+ if (ipavalidate.String(cn, notEmpty=True)):
+ print "Please enter a value"
else:
cont = True
else:
cn = args[1]
- if (ipavalidate.plain(cn, notEmpty=True)):
- print "Group name is required and must be letters or '."
+ if (ipavalidate.ipastsring(cn, notEmpty=True)):
+ print "Please enter a value"
return 1
cont = False
if not options.desc:
while (cont != True):
desc = raw_input("Description: ")
- if (ipavalidate.plain(desc, notEmpty=True)):
- print "Field is required and must be letters or '."
+ if (ipavalidate.String(desc, notEmpty=True)):
+ print "Please enter a value"
else:
cont = True
else:
desc = options.desc
- if (ipavalidate.plain(desc, notEmpty=True)):
- print "First name is required and must be letters or '."
+ if (ipavalidate.String(desc, notEmpty=True)):
+ print "Please enter a value"
return 1
if options.gid:
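Review bot: `ipavalidate.ipastsring` in the `cn = args[1]` branch is not a function this commit defines in ipavalidate.py (it adds `Email`, `Plain`, `String` and `Path`), so passing the group name on the command line would presumably fail with an AttributeError before any validation runs. The other three checks in this hunk call `ipavalidate.String`, so the line most likely should read `if (ipavalidate.String(cn, notEmpty=True)):`. `String` only rejects blank input, so the group name no longer has any client-side character restriction; if that is intended, the server side has to be the one enforcing it. main() starts and ends outside the hunk.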
diff --git a/ipa-admintools/ipa-adduser b/ipa-admintools/ipa-adduser
index 96b43e0d5..298834258 100644
--- a/ipa-admintools/ipa-adduser
+++ b/ipa-admintools/ipa-adduser
@@ -92,42 +92,42 @@ def main():
if not options.gn:
while (cont != True):
givenname = raw_input("First name: ")
- if (ipavalidate.plain(givenname, notEmpty=True)):
- print "Field is required and must be letters or '"
+ if (ipavalidate.String(givenname, notEmpty=True)):
+ print "Please enter a value"
else:
cont = True
else:
givenname = options.gn
- if (ipavalidate.plain(givenname, notEmpty=True)):
- print "First name is required and must be letters or '"
+ if (ipavalidate.String(givenname, notEmpty=True)):
+ print "Please enter a value"
return 1
cont = False
if not options.sn:
while (cont != True):
lastname = raw_input("Last name: ")
- if (ipavalidate.plain(lastname, notEmpty=True)):
- print "Field is required and must be letters or '"
+ if (ipavalidate.String(lastname, notEmpty=True)):
+ print "Please enter a value"
else:
cont = True
else:
lastname = options.sn
- if (ipavalidate.plain(lastname, notEmpty=True)):
- print "Last name is required and must be letters or '"
+ if (ipavalidate.String(lastname, notEmpty=True)):
+ print "Please enter a value"
return 1
cont = False
if (len(args) != 2):
while (cont != True):
username = raw_input("Login name: ")
- if (ipavalidate.plain(username, notEmpty=True)):
- print "Field is required and must be letters or '"
+ if (ipavalidate.Plain(username, notEmpty=True, allowSpaces=False)):
+ print "Please enter a value"
else:
cont = True
else:
username = args[1]
- if (ipavalidate.plain(username, notEmpty=True)):
- print "Username is required and must be letters or '"
+ if (ipavalidate.Plain(username, notEmpty=True, allowSpaces=False)):
+ print "Username is required and may only include letters and numbers"
return 1
if not options.password:
@@ -147,7 +147,7 @@ def main():
if options.mail:
mail = options.mail
- if (ipavalidate.email(mail)):
+ if (ipavalidate.Email(mail)):
print "The email provided seem not a valid email."
return 1
@@ -158,8 +158,8 @@ def main():
if not options.gecos:
while (cont != True):
gecos = raw_input("gecos []: ")
- if (ipavalidate.plain(gecos, notEmpty=False)):
- print "Must be letters, numbers, spaces or '"
+ if (ipavalidate.String(gecos, notEmpty=False)):
+ print "Please enter a value"
else:
cont = True
cont = False
@@ -168,8 +168,8 @@ def main():
directory = raw_input("home directory [/home/"+username+"]: ")
if directory == "":
directory = "/home/"+username
- if (ipavalidate.path(directory, notEmpty=False)):
- print "Must be letters, numbers, spaces or '"
+ if (ipavalidate.Path(directory, notEmpty=False)):
+ print "Please enter a value"
else:
cont = True
cont = False
diff --git a/ipa-admintools/ipa-deldelegation b/ipa-admintools/ipa-deldelegation
index 7ad17c38b..030d462ff 100644
--- a/ipa-admintools/ipa-deldelegation
+++ b/ipa-admintools/ipa-deldelegation
@@ -65,6 +65,7 @@ def main():
if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)):
aci_str_list = [aci_str_list]
+ acistr = None
for aci_str in aci_str_list:
try:
aci = ipa.aci.ACI(aci_str)
@@ -76,7 +77,7 @@ def main():
pass
if acistr is None:
- print "No delegation %s found." % args[1]
+ print "No delegation '%s' found." % args[1]
return 2
old_aci_index = aci_str_list.index(acistr)
@@ -86,6 +87,7 @@ def main():
aci_entry.setValue('aci', new_aci_str_list)
client.update_entry(aci_entry)
+ print "Delegation removed."
except xmlrpclib.Fault, fault:
if fault.faultCode == errno.ECONNREFUSED:
print "The IPA XML-RPC service is not responding."
diff --git a/ipa-admintools/ipa-findgroup b/ipa-admintools/ipa-findgroup
index d84a2c62f..73b0bb1bc 100644
--- a/ipa-admintools/ipa-findgroup
+++ b/ipa-admintools/ipa-findgroup
@@ -67,7 +67,7 @@ def main():
return 2
elif counter == -1:
print "These results are truncated."
- print "Please revine your search and try again."
+ print "Please refine your search and try again."
for ent in groups:
try:
diff --git a/ipa-admintools/ipa-finduser b/ipa-admintools/ipa-finduser
index 81e8898a2..2ee19dfe0 100644
--- a/ipa-admintools/ipa-finduser
+++ b/ipa-admintools/ipa-finduser
@@ -92,7 +92,7 @@ def main():
return 2
elif counter == -1:
print "These results are truncated."
- print "Please revine your search and try again."
+ print "Please refine your search and try again."
for ent in users:
attr = ent.attrList()
diff --git a/ipa-admintools/ipa-usermod b/ipa-admintools/ipa-usermod
index 9d3e7794c..5d33700f9 100644
--- a/ipa-admintools/ipa-usermod
+++ b/ipa-admintools/ipa-usermod
@@ -124,8 +124,8 @@ def main():
if not options.gn:
while (cont != True):
givenname = raw_input("First name: [%s] " % user.getValue('givenname'))
- if (ipavalidate.plain(givenname, notEmpty=False)):
- print "Must be letters or '"
+ if (ipavalidate.String(givenname, notEmpty=False)):
+ print "Please enter a value"
else:
cont = True
if len(givenname) < 1:
@@ -133,16 +133,16 @@ def main():
cont = True
else:
givenname = options.gn
- if (ipavalidate.plain(givenname, notEmpty=True)):
- print "First name must be letters or '"
+ if (ipavalidate.String(givenname, notEmpty=True)):
+ print "Please enter a value"
return 1
cont = False
if not options.sn:
while (cont != True):
lastname = raw_input(" Last name: [%s] " % user.getValue('sn'))
- if (ipavalidate.plain(lastname, notEmpty=False)):
- print "Must be letters or '"
+ if (ipavalidate.String(lastname, notEmpty=False)):
+ print "Please enter a value"
else:
cont = True
if len(lastname) < 1:
@@ -150,21 +150,21 @@ def main():
cont = True
else:
lastname = options.sn
- if (ipavalidate.plain(lastname, notEmpty=True)):
- print "Last name must be letters or '"
+ if (ipavalidate.String(lastname, notEmpty=True)):
+ print "Please enter a value"
return 1
cont = False
if not options.mail:
while (cont != True):
mail = raw_input("E-mail addr: [%s]" % user.getValue('mail'))
- if (ipavalidate.email(mail, notEmpty=False)):
- print "Must include a user and domain name"
+ if (ipavalidate.Email(mail, notEmpty=False)):
+ print "E-mail must include a user and domain name"
else:
cont = True
else:
mail = options.mail
- if (ipavalidate.email(mail)):
+ if (ipavalidate.Email(mail)):
print "E-mail must include a user and domain name"
return 1
@@ -174,8 +174,8 @@ def main():
if not options.gecos:
while (cont != True):
gecos = raw_input("gecos: [%s] " % user.getValue('gecos'))
- if (ipavalidate.plain(gecos, notEmpty=False)):
- print "Must be letters, numbers, spaces or '"
+ if (ipavalidate.String(gecos, notEmpty=False)):
+ print "Please enter a value"
else:
cont = True
@@ -183,8 +183,8 @@ def main():
if not options.directory:
while (cont != True):
directory = raw_input("home directory: [%s] " % user.getValue('homeDirectory'))
- if (ipavalidate.path(gecos, notEmpty=False)):
- print "Must be letters, numbers, spaces or '"
+ if (ipavalidate.Path(gecos, notEmpty=False)):
+ print "Valid path is required"
else:
cont = True
cont = False
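Review bot: The home-directory prompt validates the wrong variable: `ipavalidate.Path(gecos, notEmpty=False)` checks `gecos`, so the `directory` value just read from `raw_input` is never validated and is accepted whatever it contains. The rename carried the old argument over unchanged; the call should be `if (ipavalidate.Path(directory, notEmpty=False)):`. If the gecos prompt was skipped because `options.gecos` was given, `gecos` may not even be bound at this point, which cannot be confirmed here because main() starts and ends outside the hunk.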
diff --git a/ipa-python/ipavalidate.py b/ipa-python/ipavalidate.py
index 918c34a62..1750b8397 100644
--- a/ipa-python/ipavalidate.py
+++ b/ipa-python/ipavalidate.py
@@ -19,7 +19,7 @@
import re
-def email(mail, notEmpty=True):
+def Email(mail, notEmpty=True):
"""Do some basic validation of an e-mail address.
Return 0 if ok
Return 1 if not
@@ -49,7 +49,7 @@ def email(mail, notEmpty=True):
return 0
-def plain(text, notEmpty=False):
+def Plain(text, notEmpty=False, allowSpaces=True):
"""Do some basic validation of a plain text field
Return 0 if ok
Return 1 if not
@@ -57,23 +57,33 @@ def plain(text, notEmpty=False):
If notEmpty is True the this will return an error if the field
is "" or None.
"""
- textRE = re.compile(r"^[a-zA-Z_\-0-9\'\ ]*$")
-
- if not text and notEmpty is True:
- return 1
-
- if text is None:
+ if (text is None) or (not text.strip()):
if notEmpty is True:
return 1
else:
return 0
+ if allowSpaces:
+ textRE = re.compile(r"^[a-zA-Z_\-0-9\'\ ]*$")
+ else:
+ textRE = re.compile(r"^[a-zA-Z_\-0-9\']*$")
if not textRE.search(text):
return 1
return 0
-def path(text, notEmpty=False):
+def String(text, notEmpty=False):
+ """A string type. This is much looser in what it allows than plain"""
+
+ if text is None or not text.strip():
+ if notEmpty is True:
+ return 1
+ else:
+ return 0
+
+ return 0
+
+def Path(text, notEmpty=False):
"""Do some basic validation of a path
Return 0 if ok
Return 1 if not
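Review bot: Both patterns in `Plain` end with `$`, which in Python also matches just before a trailing newline, so a login name followed by `\n` passes even with `allowSpaces=False`; ending the patterns with `\Z` instead (`r"^[a-zA-Z_\-0-9\']*\Z"`) closes that gap. `String` returns 0 for any text that is not blank, so with `notEmpty=False` it can never return 1 and the retry branches in the callers that switched to it are dead code. Its docstring should state the 0/1 return convention and say explicitly that no character filtering is done, so callers do not mistake it for input sanitisation. The hunk ends inside the docstring of `Path`, whose body is outside the hunk.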
diff --git a/ipa-python/test/test_ipavalidate.py b/ipa-python/test/test_ipavalidate.py
index 507f7e022..677866d04 100644
--- a/ipa-python/test/test_ipavalidate.py
+++ b/ipa-python/test/test_ipavalidate.py
@@ -31,39 +31,54 @@ class TestValidate(unittest.TestCase):
def tearDown(self):
pass
- def test_validemail(self):
- self.assertEqual(0, ipavalidate.email("test@freeipa.org"))
- self.assertEqual(0, ipavalidate.email("", notEmpty=False))
+ def test_validEmail(self):
+ self.assertEqual(0, ipavalidate.Email("test@freeipa.org"))
+ self.assertEqual(0, ipavalidate.Email("", notEmpty=False))
- def test_invalidemail(self):
- self.assertEqual(1, ipavalidate.email("test"))
- self.assertEqual(1, ipavalidate.email("test@freeipa"))
- self.assertEqual(1, ipavalidate.email("test@.com"))
- self.assertEqual(1, ipavalidate.email(""))
- self.assertEqual(1, ipavalidate.email(None))
+ def test_invalidEmail(self):
+ self.assertEqual(1, ipavalidate.Email("test"))
+ self.assertEqual(1, ipavalidate.Email("test@freeipa"))
+ self.assertEqual(1, ipavalidate.Email("test@.com"))
+ self.assertEqual(1, ipavalidate.Email(""))
+ self.assertEqual(1, ipavalidate.Email(None))
- def test_validplain(self):
- self.assertEqual(0, ipavalidate.plain("Joe User"))
- self.assertEqual(0, ipavalidate.plain("Joe O'Malley"))
- self.assertEqual(0, ipavalidate.plain("", notEmpty=False))
- self.assertEqual(0, ipavalidate.plain(None, notEmpty=False))
+ def test_validPlain(self):
+ self.assertEqual(0, ipavalidate.Plain("Joe User"))
+ self.assertEqual(0, ipavalidate.Plain("Joe O'Malley"))
+ self.assertEqual(0, ipavalidate.Plain("", notEmpty=False))
+ self.assertEqual(0, ipavalidate.Plain(None, notEmpty=False))
+ self.assertEqual(0, ipavalidate.Plain("JoeUser", allowSpaces=False))
+ self.assertEqual(0, ipavalidate.Plain("JoeUser", allowSpaces=True))
- def test_invalidplain(self):
- self.assertEqual(1, ipavalidate.plain("Joe (User)"))
- self.assertEqual(1, ipavalidate.plain("", notEmpty=True))
- self.assertEqual(1, ipavalidate.plain(None, notEmpty=True))
+ def test_invalidPlain(self):
+ self.assertEqual(1, ipavalidate.Plain("Joe (User)"))
+ self.assertEqual(1, ipavalidate.Plain("Joe C. User"))
+ self.assertEqual(1, ipavalidate.Plain("", notEmpty=True))
+ self.assertEqual(1, ipavalidate.Plain(None, notEmpty=True))
+ self.assertEqual(1, ipavalidate.Plain("Joe User", allowSpaces=False))
- def test_validpath(self):
- self.assertEqual(0, ipavalidate.path("/"))
- self.assertEqual(0, ipavalidate.path("/home/user"))
- self.assertEqual(0, ipavalidate.path("../home/user"))
- self.assertEqual(0, ipavalidate.path("", notEmpty=False))
- self.assertEqual(0, ipavalidate.path(None, notEmpty=False))
+ def test_validString(self):
+ self.assertEqual(0, ipavalidate.String("Joe User"))
+ self.assertEqual(0, ipavalidate.String("Joe O'Malley"))
+ self.assertEqual(1, ipavalidate.Plain("Joe C. User"))
+ self.assertEqual(0, ipavalidate.String("", notEmpty=False))
+ self.assertEqual(0, ipavalidate.String(None, notEmpty=False))
- def test_invalidpath(self):
- self.assertEqual(1, ipavalidate.path("(foo)"))
- self.assertEqual(1, ipavalidate.path("", notEmpty=True))
- self.assertEqual(1, ipavalidate.path(None, notEmpty=True))
+ def test_invalidString(self):
+ self.assertEqual(1, ipavalidate.String("", notEmpty=True))
+ self.assertEqual(1, ipavalidate.String(None, notEmpty=True))
+
+ def test_validPath(self):
+ self.assertEqual(0, ipavalidate.Path("/"))
+ self.assertEqual(0, ipavalidate.Path("/home/user"))
+ self.assertEqual(0, ipavalidate.Path("../home/user"))
+ self.assertEqual(0, ipavalidate.Path("", notEmpty=False))
+ self.assertEqual(0, ipavalidate.Path(None, notEmpty=False))
+
+ def test_invalidPath(self):
+ self.assertEqual(1, ipavalidate.Path("(foo)"))
+ self.assertEqual(1, ipavalidate.Path("", notEmpty=True))
+ self.assertEqual(1, ipavalidate.Path(None, notEmpty=True))
if __name__ == '__main__':
unittest.main()
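Review bot: `test_validString` contains `self.assertEqual(1, ipavalidate.Plain("Joe C. User"))`, which exercises `Plain` and duplicates a line from `test_invalidPlain`; it looks like a copy-paste slip for `self.assertEqual(0, ipavalidate.String("Joe C. User"))`, the case that shows `String` is looser than `Plain`. The new `strip()` handling is also untested: a whitespace-only value such as `"   "` with `notEmpty=True` should be asserted to return 1 for both `Plain` and `String`.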
diff --git a/ipa-server/ipa-gui/ipagui/forms/Makefile.am b/ipa-server/ipa-gui/ipagui/forms/Makefile.am
index 4f1f72d22..a7f3c7623 100644
--- a/ipa-server/ipa-gui/ipagui/forms/Makefile.am
+++ b/ipa-server/ipa-gui/ipagui/forms/Makefile.am
@@ -7,6 +7,7 @@ app_PYTHON = \
ipapolicy.py \
user.py \
delegate.py \
+ principal.py \
$(NULL)
EXTRA_DIST = \
diff --git a/ipa-server/ipa-gui/ipagui/forms/ipapolicy.py b/ipa-server/ipa-gui/ipagui/forms/ipapolicy.py
index 1d48f8f33..0f9591fb5 100644
--- a/ipa-server/ipa-gui/ipagui/forms/ipapolicy.py
+++ b/ipa-server/ipa-gui/ipagui/forms/ipapolicy.py
@@ -9,23 +9,24 @@ class IPAPolicyFields(object):
ipasearchtimelimit = widgets.TextField(name="ipasearchtimelimit", label="Search Time Limit (sec.)", attrs=dict(size=6,maxlength=6))
ipasearchrecordslimit = widgets.TextField(name="ipasearchrecordslimit", label="Search Records Limit", attrs=dict(size=6,maxlength=6))
ipahomesrootdir = widgets.TextField(name="ipahomesrootdir", label="Root for Home Directories")
- ipadefaultloginshell = widgets.TextField(name="ipadefaultloginshell", label="Default shell")
- ipadefaultprimarygroup = widgets.TextField(name="ipadefaultprimarygroup", label="Default Users group")
+ ipadefaultloginshell = widgets.TextField(name="ipadefaultloginshell", label="Default Shell")
+ ipadefaultprimarygroup = widgets.TextField(name="ipadefaultprimarygroup", label="Default User Group")
ipamaxusernamelength = widgets.TextField(name="ipamaxusernamelength", label="Max. Username Length", attrs=dict(size=3,maxlength=3))
ipapwdexpadvnotify = widgets.TextField(name="ipapwdexpadvnotify", label="Password Expiration Notification (days)", attrs=dict(size=3,maxlength=3))
ipauserobjectclasses = widgets.TextField(name="ipauserobjectclasses", label="Default User Object Classes", attrs=dict(size=50))
userobjectclasses = ExpandingForm(name="userobjectclasses", label="Default User Object Classes", fields=[ipauserobjectclasses])
ipagroupobjectclasses = widgets.TextField(name="ipagroupobjectclasses", label="Default Group Object Classes", attrs=dict(size=50))
groupobjectclasses = ExpandingForm(name="groupobjectclasses", label="Default User Object Classes", fields=[ipagroupobjectclasses])
+ ipadefaultemaildomain = widgets.TextField(name="ipadefaultemaildomain", label="Default E-mail Domain", attrs=dict(size=20))
ipapolicy_orig = widgets.HiddenField(name="ipapolicy_orig")
# From cn=accounts
krbmaxpwdlife = widgets.TextField(name="krbmaxpwdlife", label="Max. Password Lifetime (days)", attrs=dict(size=3,maxlength=3))
krbminpwdlife = widgets.TextField(name="krbminpwdlife", label="Min. Password Lifetime (hours)", attrs=dict(size=3,maxlength=3))
- krbpwdmindiffchars = widgets.TextField(name="krbpwdmindiffchars", label="Min. number of character classes", attrs=dict(size=3,maxlength=3))
- krbpwdminlength = widgets.TextField(name="krbpwdminlength", label="Min. Length of password", attrs=dict(size=3,maxlength=3))
- krbpwdhistorylength = widgets.TextField(name="krbpwdhistorylength", label="Password History size", attrs=dict(size=3,maxlength=3))
+ krbpwdmindiffchars = widgets.TextField(name="krbpwdmindiffchars", label="Min. Number of Character Classes", attrs=dict(size=3,maxlength=3))
+ krbpwdminlength = widgets.TextField(name="krbpwdminlength", label="Min. Length of Password", attrs=dict(size=3,maxlength=3))
+ krbpwdhistorylength = widgets.TextField(name="krbpwdhistorylength", label="Password History Size", attrs=dict(size=3,maxlength=3))
password_orig = widgets.HiddenField(name="password_orig")
@@ -41,6 +42,7 @@ class IPAPolicyValidator(validators.Schema):
ipadefaultprimarygroup = validators.String(not_empty=True)
ipauserobjectclasses = validators.ForEach(validators.String(not_empty=True))
ipagroupobjectclasses = validators.ForEach(validators.String(not_empty=True))
+ ipadefaultemaildomain = validators.String(not_empty=True)
krbmaxpwdlife = validators.Number(not_empty=True)
krbminpwdlife = validators.Number(not_empty=True)
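Review bot: `ipadefaultemaildomain = validators.String(not_empty=True)` accepts any non-empty text, including spaces or an `@`, yet the value is later interpolated into suggested e-mail addresses in subcontrollers/user.py. A syntax check on the domain would stop a typo in the policy form from producing malformed addresses for every new user. A `validators.Regex` restricted to hostname characters would be one way to do it, assuming the FormEncode version in use provides it. The class body continues outside the hunk.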
diff --git a/ipa-server/ipa-gui/ipagui/static/css/style.css b/ipa-server/ipa-gui/ipagui/static/css/style.css
index 6d68e8e37..8017e7427 100644
--- a/ipa-server/ipa-gui/ipagui/static/css/style.css
+++ b/ipa-server/ipa-gui/ipagui/static/css/style.css
@@ -395,9 +395,9 @@ ul.checkboxlist li input {
.sortcol {
cursor: pointer;
- padding-right: 20px !important;
+ padding-left: 10px !important;
background-repeat: no-repeat !important;
- background-position: right center !important;
+ background-position: left center !important;
text-decoration: underline;
}
.sortasc {
diff --git a/ipa-server/ipa-gui/ipagui/subcontrollers/Makefile.am b/ipa-server/ipa-gui/ipagui/subcontrollers/Makefile.am
index a0c6393fe..4a7ff58df 100644
--- a/ipa-server/ipa-gui/ipagui/subcontrollers/Makefile.am
+++ b/ipa-server/ipa-gui/ipagui/subcontrollers/Makefile.am
@@ -9,6 +9,7 @@ app_PYTHON = \
policy.py \
user.py \
delegation.py \
+ principal.py \
$(NULL)
EXTRA_DIST = \
diff --git a/ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py b/ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py
index 142d34430..cee239e72 100644
--- a/ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py
+++ b/ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py
@@ -71,7 +71,7 @@ class DelegationController(IPAController):
new_aci.source_group = kw.get('source_group_dn')
new_aci.dest_group = kw.get('dest_group_dn')
new_aci.attrs = kw.get('attrs')
- if (new_aci.attrs, str):
+ if isinstance(new_aci.attrs, str):
new_aci.attrs = [new_aci.attrs]
# Look for an existing ACI of the same name
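Review bot: `isinstance(new_aci.attrs, str)` fixes the always-true tuple test, but under Python 2 it is False for a `unicode` value, and web form values often arrive as unicode (not confirmable from this hunk). In that case a single selected attribute would stay a bare string and could be treated as a sequence of characters further on when the ACI is built. `if isinstance(new_aci.attrs, basestring):` covers both string types. The enclosing method starts and ends outside the hunk.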
diff --git a/ipa-server/ipa-gui/ipagui/subcontrollers/ipapolicy.py b/ipa-server/ipa-gui/ipagui/subcontrollers/ipapolicy.py
index d8237331b..267f9d3e1 100644
--- a/ipa-server/ipa-gui/ipagui/subcontrollers/ipapolicy.py
+++ b/ipa-server/ipa-gui/ipagui/subcontrollers/ipapolicy.py
@@ -152,6 +152,9 @@ class IPAPolicyController(IPAController):
if new_ipapolicy.ipagroupobjectclasses != kw.get('ipagroupobjectclasses'):
policy_modified = True
new_ipapolicy.setValue('ipagroupobjectclasses', kw.get('ipagroupobjectclasses'))
+ if new_ipapolicy.ipadefaultemaildomain != kw.get('ipadefaultemaildomain'):
+ policy_modified = True
+ new_ipapolicy.setValue('ipadefaultemaildomain', kw.get('ipadefaultemaildomain'))
if policy_modified:
rv = client.update_ipa_config(new_ipapolicy)
diff --git a/ipa-server/ipa-gui/ipagui/subcontrollers/user.py b/ipa-server/ipa-gui/ipagui/subcontrollers/user.py
index ea7735842..952278a08 100644
--- a/ipa-server/ipa-gui/ipagui/subcontrollers/user.py
+++ b/ipa-server/ipa-gui/ipagui/subcontrollers/user.py
@@ -29,14 +29,20 @@ user_edit_form = ipagui.forms.user.UserEditForm()
user_fields = ['*', 'nsAccountLock']
-email_domain = ipa.config.config.default_realm.lower()
-
class UserController(IPAController):
def __init__(self, *args, **kw):
super(UserController,self).__init__(*args, **kw)
# self.load_custom_fields()
+ def get_email_domain(self):
+ client = self.get_ipaclient()
+
+ conf = client.get_ipa_config()
+ email_domain = conf.ipadefaultemaildomain
+
+ return email_domain
+
def load_custom_fields(self):
client = self.get_ipaclient()
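Review bot: `get_email_domain` returns `conf.ipadefaultemaildomain` unchecked, so on a server whose config entry predates this attribute (the commit only adds it to bootstrap-template.ldif for new installs) the suggested address would presumably end in `@None` or the lookup would fail. A fallback to the removed default keeps existing deployments working, for example `return conf.ipadefaultemaildomain or ipa.config.config.default_realm.lower()`, to be confirmed against how the config entry exposes a missing attribute. The hunk at `@@ -733,13 +739,13 @@` calls `self.get_email_domain()` twice, each a `get_ipa_config()` round trip; reading it once into a local there avoids the second request. The method also needs a one-line docstring saying the domain comes from the IPA policy entry; load_custom_fields continues outside the hunk.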
@@ -733,13 +739,13 @@ class UserController(IPAController):
givenname = givenname.lower()
sn = sn.lower()
- email = "%s.%s@%s" % (givenname, sn, email_domain)
+ email = "%s.%s@%s" % (givenname, sn, self.get_email_domain())
try:
client.get_user_by_email(email)
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
return email
- email = "%s@%s" % (self.suggest_uid(givenname, sn), email_domain)
+ email = "%s@%s" % (self.suggest_uid(givenname, sn), self.get_email_domain())
try:
client.get_user_by_email(email)
except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
diff --git a/ipa-server/ipa-gui/ipagui/templates/Makefile.am b/ipa-server/ipa-gui/ipagui/templates/Makefile.am
index 4bf8f142d..279b13d43 100644
--- a/ipa-server/ipa-gui/ipagui/templates/Makefile.am
+++ b/ipa-server/ipa-gui/ipagui/templates/Makefile.am
@@ -27,6 +27,10 @@ app_DATA = \
master.kid \
policyindex.kid \
policylayout.kid \
+ principallayout.kid \
+ principallist.kid \
+ principalnewform.kid \
+ principalnew.kid \
usereditform.kid \
useredit.kid \
userlayout.kid \
diff --git a/ipa-server/ipa-gui/ipagui/templates/ipapolicyeditform.kid b/ipa-server/ipa-gui/ipagui/templates/ipapolicyeditform.kid
index 9584e4457..5114943c0 100644
--- a/ipa-server/ipa-gui/ipagui/templates/ipapolicyeditform.kid
+++ b/ipa-server/ipa-gui/ipagui/templates/ipapolicyeditform.kid
@@ -172,6 +172,16 @@ from ipagui.helpers import ipahelper
py:content="tg.errors.get('ipadefaultprimarygroup')" />
</td>
</tr>
+ <tr>
+ <th>
+ <label class="fieldlabel" py:content="ipapolicy_fields.ipadefaultemaildomain.label" />:
+ </th>
+ <td>
+ <span py:replace="ipapolicy_fields.ipadefaultemaildomain.display(value_for(ipapolicy_fields.ipadefaultemaildomain))" />
+ <span py:if="tg.errors.get('ipadefaultemaildomain')" class="fielderror"
+ py:content="tg.errors.get('ipadefaultemaildomain')" />
+ </td>
+ </tr>
<tr>
<th>
<label class="fieldlabel" for="${ipapolicy_fields.userobjectclasses.field_id}"
diff --git a/ipa-server/ipa-gui/ipagui/templates/ipapolicyshow.kid b/ipa-server/ipa-gui/ipagui/templates/ipapolicyshow.kid
index 50c7d6d8a..26621eed6 100644
--- a/ipa-server/ipa-gui/ipagui/templates/ipapolicyshow.kid
+++ b/ipa-server/ipa-gui/ipagui/templates/ipapolicyshow.kid
@@ -114,6 +114,12 @@ edit_url = tg.url('/ipapolicy/edit')
</tr>
<tr>
<th>
+ <label class="fieldlabel" py:content="fields.ipadefaultemaildomain.label" />:
+ </th>
+ <td>${ipapolicy.get("ipadefaultemaildomain")}</td>
+ </tr>
+ <tr>
+ <th>
<label class="fieldlabel" py:content="fields.ipauserobjectclasses.label" />:
</th>
<td>
diff --git a/ipa-server/ipa-install/share/60ipaconfig.ldif b/ipa-server/ipa-install/share/60ipaconfig.ldif
index 552120991..f4edbcc97 100644
--- a/ipa-server/ipa-install/share/60ipaconfig.ldif
+++ b/ipa-server/ipa-install/share/60ipaconfig.ldif
@@ -33,9 +33,10 @@ attributetypes: ( 2.16.840.1.113730.3.8.1.10 NAME 'ipaPwdExpAdvNotify' EQUALITY
attributetypes: ( 2.16.840.1.113730.3.8.1.11 NAME 'ipaUserObjectClasses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
# ipaGroupObjectClasses - required objectclasses for groups
attributetypes: ( 2.16.840.1.113730.3.8.1.12 NAME 'ipaGroupObjectClasses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+attributetypes: ( 2.16.840.1.113730.3.8.1.13 NAME 'ipaDefaultEmailDomain' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
###############################################
##
## ObjectClasses
##
## ipaGuiConfig - GUI config parameters objectclass
-objectClasses: ( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY ( ipaUserSearchFields $ ipaGroupSearchFields $ ipaSearchTimeLimit $ ipaSearchRecordsLimit $ ipaCustomFields $ ipaHomesRootDir $ ipaDefaultLoginShell $ ipaDefaultPrimaryGroup $ ipaMaxUsernameLength $ ipaPwdExpAdvNotify $ ipaUserObjectClasses $ ipaGroupObjectClasses) )
+objectClasses: ( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY ( ipaUserSearchFields $ ipaGroupSearchFields $ ipaSearchTimeLimit $ ipaSearchRecordsLimit $ ipaCustomFields $ ipaHomesRootDir $ ipaDefaultLoginShell $ ipaDefaultPrimaryGroup $ ipaMaxUsernameLength $ ipaPwdExpAdvNotify $ ipaUserObjectClasses $ ipaGroupObjectClasses $ ipaDefaultEmailDomain) )
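Review bot: The new `ipaDefaultEmailDomain` attribute type is added without the description comment that precedes its neighbours, e.g. `# ipaGroupObjectClasses - required objectclasses for groups`; add `# ipaDefaultEmailDomain - default e-mail domain for new users` above it. The GUI reads the attribute as one string, so declaring it `SINGLE-VALUE` would keep the directory from holding several domains that the code cannot choose between. Whether the other single-valued settings in this file already do so is not visible in the hunk.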
diff --git a/ipa-server/ipa-install/share/bootstrap-template.ldif b/ipa-server/ipa-install/share/bootstrap-template.ldif
index 3b79dfb62..3f0558d11 100644
--- a/ipa-server/ipa-install/share/bootstrap-template.ldif
+++ b/ipa-server/ipa-install/share/bootstrap-template.ldif
@@ -135,6 +135,7 @@ ipaUserObjectClasses: inetUser
ipaUserObjectClasses: posixAccount
ipaUserObjectClasses: krbPrincipalAux
ipaUserObjectClasses: radiusprofile
+ipaDefaultEmailDomain: $DOMAIN
dn: cn=account inactivation,cn=accounts,$SUFFIX
changetype: add
diff --git a/ipa-server/ipa-install/share/default-aci.ldif b/ipa-server/ipa-install/share/default-aci.ldif
index 83f927e3a..6b8afd28b 100644
--- a/ipa-server/ipa-install/share/default-aci.ldif
+++ b/ipa-server/ipa-install/share/default-aci.ldif
@@ -22,6 +22,7 @@ dn: cn=accounts,$SUFFIX
changetype: modify
add: aci
aci: (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";)
+aci: (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";)
dn: cn=services,cn=accounts,$SUFFIX
changetype: modify
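Review bot: The added ACI grants the admins group `write` on the `aci` attribute itself and carries no `target`, so as far as this hunk shows it applies to cn=accounts and the entries beneath it, which is wider than the name "Admins can manage delegations" suggests. Whoever can write `aci` there can grant further rights in that subtree, so membership of the admins group becomes equivalent to controlling access policy for all accounts. That should be stated in a comment above the line, and changes to `aci` values are worth auditing. `delete` is an entry-level right and removing attribute values is already covered by `write`, so `allow (write)` may be sufficient, to be confirmed against the directory server's ACI documentation.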
diff --git a/ipa-server/ipaserver/dsinstance.py b/ipa-server/ipaserver/dsinstance.py
index 08b86035e..6ba721c3b 100644
--- a/ipa-server/ipaserver/dsinstance.py
+++ b/ipa-server/ipaserver/dsinstance.py
@@ -125,6 +125,7 @@ class DsInstance(service.Service):
self.host_name = None
self.dm_password = None
self.sub_dict = None
+ self.domain = None
def create_instance(self, ds_user, realm_name, host_name, dm_password, ro_replica=False):
self.ds_user = ds_user
@@ -133,6 +134,7 @@ class DsInstance(service.Service):
self.suffix = realm_to_suffix(self.realm_name)
self.host_name = host_name
self.dm_password = dm_password
+ self.domain = host_name[host_name.find(".")+1:]
self.__setup_sub_dict()
if ro_replica:
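Review bot: `self.domain = host_name[host_name.find(".")+1:]` silently yields the whole host name when it contains no dot, because `find` returns -1 and the slice then starts at 0. That value is substituted as `$DOMAIN` into bootstrap-template.ldif and becomes the default e-mail domain, so a short host name would produce addresses of the form user@hostname. Checking first, e.g. `if "." not in host_name: raise ValueError("host_name must be fully qualified")`, makes the failure visible at install time; whether callers already guarantee an FQDN is not visible here. create_instance continues outside the hunk.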
@@ -173,7 +175,7 @@ class DsInstance(service.Service):
self.sub_dict = dict(FQHN=self.host_name, SERVERID=self.serverid,
PASSWORD=self.dm_password, SUFFIX=self.suffix.lower(),
REALM=self.realm_name, USER=self.ds_user,
- SERVER_ROOT=server_root)
+ SERVER_ROOT=server_root, DOMAIN=self.domain)
def __create_ds_user(self):
self.step("creating directory server user")
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index 485b6e255..8a49488b8 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -1425,8 +1425,6 @@ class IPAServer:
#
exact_match_filter = "(&(objectclass=krbPrincipalAux)(!(objectClass=person))(!(krbprincipalname=kadmin/*))%s)" % exact_match_filter
partial_match_filter = "(&(objectclass=krbPrincipalAux)(!(objectClass=person))(!(krbprincipalname=kadmin/*))%s)" % partial_match_filter
- print exact_match_filter
- print partial_match_filter
conn = self.getConnection(opts)
try: