Add ipaUniqueID to HBAC services and service groups

Also fix the memberOf attribute for the HBAC services

7 files changed, 10 insertions, 35 deletions

diff --git a/install/share/60basev2.ldif b/install/share/60basev2.ldif
index 10edaba61..0112142c2 100644
--- a/install/share/60basev2.ldif
+++ b/install/share/60basev2.ldif
@@ -42,7 +42,7 @@ objectClasses: (1.3.6.1.1.1.2.16 NAME 'automountMap' DESC 'Automount Map informa
 objectClasses: (1.3.6.1.1.1.2.17 NAME 'automount' DESC 'Automount information' SUP top STRUCTURAL MUST ( automountKey $ automountInformation ) MAY description X-ORIGIN 'RFC 2307bis' )
 attributeTypes: (2.16.840.1.113730.3.8.3.17 NAME 'hostCApolicy' DESC 'Policy on how to treat host requests for cert operations.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v2' )
 objectClasses: (2.16.840.1.113730.3.8.4.9 NAME 'ipaCAaccess' STRUCTURAL MAY (member $ hostCApolicy) X-ORIGIN 'IPA v2' )
-objectClasses: (2.16.840.1.113730.3.8.4.10 NAME 'ipaHBACService' AUXILIARY MUST ( cn ) MAY ( description ) X-ORIGIN 'IPA v2' )
+objectClasses: (2.16.840.1.113730.3.8.4.10 NAME 'ipaHBACService' AUXILIARY MUST ( cn ) MAY ( description $ memberOf ) X-ORIGIN 'IPA v2' )
 objectClasses: (2.16.840.1.113730.3.8.4.11 NAME 'ipaHBACServiceGroup' DESC 'IPA HBAC service group object class' SUP nestedGroup STRUCTURAL X-ORIGIN 'IPA v2' )
 attributeTypes: (1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' DESC 'An integer denoting time to live' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
 attributeTypes: (1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' DESC 'The class of a resource record' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
diff --git a/install/share/default-hbac.ldif b/install/share/default-hbac.ldif
index ecbaeaedd..29ec88838 100644
--- a/install/share/default-hbac.ldif
+++ b/install/share/default-hbac.ldif
@@ -13,33 +13,3 @@ ipaenabledflag: TRUE
 description: Allow all users to access any host from any host
 # ipauniqueid gets added for us by 389-ds
 
-dn: cn=sshd,cn=hbacservices,cn=accounts,$SUFFIX
-changetype: add
-objectclass: ipahbacservice
-cn: sshd
-description: sshd
-
-dn: cn=ftp,cn=hbacservices,cn=accounts,$SUFFIX
-changetype: add
-objectclass: ipahbacservice
-cn: ftp
-description: ftp
-
-dn: cn=sudo,cn=hbacservices,cn=accounts,$SUFFIX
-changetype: add
-objectclass: ipahbacservice
-cn: sudo
-description: sudo
-
-dn: cn=su,cn=hbacservices,cn=accounts,$SUFFIX
-changetype: add
-objectclass: ipahbacservice
-cn: su
-description: su
-
-dn: cn=login,cn=hbacservices,cn=accounts,$SUFFIX
-changetype: add
-objectclass: ipahbacservice
-cn: login
-description: login
-
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index 24a1b5e58..72acf7f4a 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -10,6 +10,7 @@ app_DATA =				\
 	20-replication.update		\
 	20-winsync_index.update		\
 	30-automount.update		\
+	30-hbacsvc.update		\
 	30-groupofhosts.update		\
 	30-netgroups.update		\
 	30-rolegroup.update		\
diff --git a/ipalib/plugins/hbacsvc.py b/ipalib/plugins/hbacsvc.py
index a85d94019..f6eda165f 100644
--- a/ipalib/plugins/hbacsvc.py
+++ b/ipalib/plugins/hbacsvc.py
@@ -36,10 +36,9 @@ class hbacsvc(LDAPObject):
     container_dn = api.env.container_hbacservice
     object_name = 'service'
     object_name_plural = 'services'
-    object_class = [
-        'ipahbacservice',
-    ]
+    object_class = [ 'ipaobject', 'ipahbacservice' ]
     default_attributes = ['cn', 'description']
+    uuid_attribute = 'ipauniqueid'
 
     label = _('Services')
 
diff --git a/ipalib/plugins/hbacsvcgroup.py b/ipalib/plugins/hbacsvcgroup.py
index 37ea94f43..cc0d4fd46 100644
--- a/ipalib/plugins/hbacsvcgroup.py
+++ b/ipalib/plugins/hbacsvcgroup.py
@@ -32,8 +32,9 @@ class hbacsvcgroup(LDAPObject):
     container_dn = api.env.container_hbacservicegroup
     object_name = 'servicegroup'
     object_name_plural = 'servicegroups'
-    object_class = ['ipahbacservicegroup']
+    object_class = ['ipaobject', 'ipahbacservicegroup']
     default_attributes = [ 'cn', 'description', 'member', 'memberof', ]
+    uuid_attribute = 'ipauniqueid'
     attribute_members = {
         'member': ['hbacsvc', 'hbacsvcgroup'],
         'memberof': ['hbacsvcgroup'],
diff --git a/tests/test_xmlrpc/objectclasses.py b/tests/test_xmlrpc/objectclasses.py
index 505190241..65811fa74 100644
--- a/tests/test_xmlrpc/objectclasses.py
+++ b/tests/test_xmlrpc/objectclasses.py
@@ -83,10 +83,12 @@ service = [
 ]
 
 hbacsvc = [
+    u'ipaobject',
     u'ipahbacservice',
 ]
 
 hbacsvcgroup = [
+    u'ipaobject',
     u'ipahbacservicegroup',
     u'nestedGroup',
     u'groupOfNames',
diff --git a/tests/test_xmlrpc/test_hbacsvcgroup_plugin.py b/tests/test_xmlrpc/test_hbacsvcgroup_plugin.py
index c06dc8b45..8264ae903 100644
--- a/tests/test_xmlrpc/test_hbacsvcgroup_plugin.py
+++ b/tests/test_xmlrpc/test_hbacsvcgroup_plugin.py
@@ -77,6 +77,7 @@ class test_hbacsvcgroup(Declarative):
                     cn=[hbacsvcgroup1],
                     objectclass=objectclasses.hbacsvcgroup,
                     description=[u'Test hbacsvcgroup 1'],
+                    ipauniqueid=[fuzzy_uuid],
                 ),
             ),
         ),
@@ -106,6 +107,7 @@ class test_hbacsvcgroup(Declarative):
                     cn=[hbacsvc1],
                     description=[u'Test service 1'],
                     objectclass=objectclasses.hbacsvc,
+                    ipauniqueid=[fuzzy_uuid],
                 ),
             ),
         ),