summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTomas Babej <tbabej@redhat.com>2014-09-22 12:19:26 +0200
committerTomas Babej <tbabej@redhat.com>2014-09-22 13:49:32 +0200
commita3853771c0acf321d738ec0c20594fa3f505b12c (patch)
tree0459ba6c2ec6c2512a697cf57a5d7510b77b82a2
parentd4a1f2139f341b4b0017f5d210c230a059b3c1a6 (diff)
downloadfreeipa-a3853771c0acf321d738ec0c20594fa3f505b12c.zip
freeipa-a3853771c0acf321d738ec0c20594fa3f505b12c.tar.gz
freeipa-a3853771c0acf321d738ec0c20594fa3f505b12c.tar.xz
idviews: Add Default Trust View as part of adtrustinstall
-rw-r--r--install/share/Makefile.am1
-rw-r--r--install/share/default-trust-view.ldif6
-rw-r--r--ipaserver/install/adtrustinstance.py22
3 files changed, 29 insertions, 0 deletions
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index e72623a..7d8ceb6 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -26,6 +26,7 @@ app_DATA = \
default-aci.ldif \
default-hbac.ldif \
default-smb-group.ldif \
+ default-trust-view.ldif \
delegation.ldif \
disable-betxn.ldif \
replica-acis.ldif \
diff --git a/install/share/default-trust-view.ldif b/install/share/default-trust-view.ldif
new file mode 100644
index 0000000..d782b47
--- /dev/null
+++ b/install/share/default-trust-view.ldif
@@ -0,0 +1,6 @@
+dn: cn=Default Trust View,cn=views,cn=accounts,$SUFFIX
+changetype: add
+cn: Default Trust View
+description: Default Trust View for AD users. Should not be deleted.
+objectclass: top
+objectclass: ipaIDView
diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py
index 38b0801..277baad 100644
--- a/ipaserver/install/adtrustinstance.py
+++ b/ipaserver/install/adtrustinstance.py
@@ -241,6 +241,27 @@ class ADTRUSTInstance(service.Service):
except:
self.print_msg("Failed to modify IPA admin group object")
+ def __add_default_trust_view(self):
+ default_view_dn = DN(('cn', 'Default Trust View'),
+ api.env.container_views, self.suffix)
+
+ try:
+ self.admin_conn.get_entry(default_view_dn)
+ except errors.NotFound:
+ try:
+ self._ldap_mod('default-trust-view.ldif', self.sub_dict)
+ except Exception, e:
+ self.print_msg("Failed to add default trust view.")
+ raise e
+ else:
+ self.print_msg("Default Trust View already exists.")
+
+ # _ldap_mod does not return useful error codes, so we must check again
+ # if the default trust view was created properly.
+ try:
+ self.admin_conn.get_entry(default_view_dn)
+ except errors.NotFound:
+ self.print_msg("Failed to add Default Trust View.")
def __add_fallback_group(self):
"""
@@ -875,6 +896,7 @@ class ADTRUSTInstance(service.Service):
self.step("restarting Directory Server to take MS PAC and LDAP plugins changes into account", \
self.__restart_dirsrv)
self.step("adding fallback group", self.__add_fallback_group)
+ self.step("adding Default Trust View", self.__add_default_trust_view)
self.step("setting SELinux booleans", \
self.__configure_selinux_for_smbd)
self.step("starting CIFS services", self.__start)