Rely more on kerberos.

Don't read ipa.conf to get the realm, the kerberos libs do that for you.
Use the krbPrincipalName to change passwords
Make it possible to specify the principal at user creation.
Mail is not a required attribute so far, don't require it.

2 files changed, 32 insertions, 16 deletions

diff --git a/ipa-python/ipaclient.py b/ipa-python/ipaclient.py
index 27ad1c246..47788f39b 100644
--- a/ipa-python/ipaclient.py
+++ b/ipa-python/ipaclient.py
@@ -35,7 +35,6 @@ class IPAClient:
 
     def __init__(self,local=None):
         self.local = local
-        ipa.config.init_config()
         if local:
             self.transport = funcs.IPAServer()
             # client needs to call set_principal(user@REALM)
@@ -69,6 +68,13 @@ class IPAClient:
         result = self.transport.get_user_by_dn(dn,sattrs)
         return user.User(result)
 
+    def get_user_by_principal(self,principal,sattrs=None):
+        """Get a specific user by uid. If sattrs is set then only those
+           attributes will be returned, otherwise all available attributes
+           are returned."""
+        result = self.transport.get_user_by_principal(principal,sattrs)
+        return user.User(result)
+
     def get_users_by_manager(self,manager_dn,sattrs=None):
         """Gets the users the report to a particular manager.
            If sattrs is not None then only those
@@ -81,8 +87,6 @@ class IPAClient:
     def add_user(self,user,user_container=None):
         """Add a user. user is a ipa.user.User object"""
 
-        realm = config.config.get_realm()
-
         user_dict = user.toDict()
 
         # dn is set on the server-side
@@ -126,31 +130,25 @@ class IPAClient:
     def update_user(self,user):
         """Update a user entry."""
 
-        realm = config.config.get_realm()
-
         result = self.transport.update_user(user.origDataDict(), user.toDict())
         return result
 
     def delete_user(self,uid):
         """Delete a user entry."""
 
-        realm = config.config.get_realm()
-
         result = self.transport.delete_user(uid)
         return result
 
-    def modifyPassword(self,uid,oldpass,newpass):
+    def modifyPassword(self,principal,oldpass,newpass):
         """Modify a user's password"""
 
-        result = self.transport.modifyPassword(uid,oldpass,newpass)
+        result = self.transport.modifyPassword(principal,oldpass,newpass)
 
         return result
 
     def mark_user_deleted(self,uid):
         """Set a user as inactive by uid."""
 
-        realm = config.config.get_realm()
-
         result = self.transport.mark_user_deleted(uid)
         return result
 
@@ -182,8 +180,6 @@ class IPAClient:
     def add_group(self,group,group_container=None):
         """Add a group. group is a ipa.group.Group object"""
 
-        realm = config.config.get_realm()
-
         group_dict = group.toDict()
 
         # dn is set on the server-side
@@ -238,6 +234,8 @@ class IPAClient:
 
     def add_user_to_group(self, user_uid, group_cn):
         """Add a user to an existing group.
+           user is a uid of the user to add
+           group is the cn of the group to be added to
         """
 
         return self.transport.add_user_to_group(user_uid, group_cn)
@@ -253,6 +251,8 @@ class IPAClient:
 
     def remove_user_from_group(self, user_uid, group_cn):
         """Remove a user from an existing group.
+           user is a uid of the user to remove
+           group is the cn of the group to be removed from
         """
 
         return self.transport.remove_user_from_group(user_uid, group_cn)
diff --git a/ipa-python/rpcclient.py b/ipa-python/rpcclient.py
index 9f02b374f..0327357dc 100644
--- a/ipa-python/rpcclient.py
+++ b/ipa-python/rpcclient.py
@@ -84,7 +84,7 @@ class RPCClient:
             raise xmlrpclib.Fault(value, msg)
 
         return ipautil.unwrap_binary_data(result)
-        
+ 
     def get_user_by_dn(self,dn,sattrs=None):
         """Get a specific user. If sattrs is not None then only those
            attributes will be returned, otherwise all available
@@ -101,6 +101,22 @@ class RPCClient:
 
         return ipautil.unwrap_binary_data(result)
 
+    def get_user_by_principal(self,principal,sattrs=None):
+        """Get a specific user. If sattrs is not None then only those
+           attributes will be returned, otherwise all available
+           attributes are returned. The result is a dict."""
+        server = self.setup_server()
+        if sattrs is None:
+            sattrs = "__NONE__"
+        try:
+            result = server.get_user_by_principal(principal, sattrs)
+        except xmlrpclib.Fault, fault:
+            raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
+        except socket.error, (value, msg):
+            raise xmlrpclib.Fault(value, msg)
+
+        return ipautil.unwrap_binary_data(result)
+ 
     def get_users_by_manager(self,manager_dn,sattrs=None):
         """Gets the users that report to a manager.
            If sattrs is not None then only those
@@ -212,7 +228,7 @@ class RPCClient:
 
         return result
 
-    def modifyPassword(self,uid,oldpass,newpass):
+    def modifyPassword(self,principal,oldpass,newpass):
         """Modify a user's password"""
         server = self.setup_server()
 
@@ -220,7 +236,7 @@ class RPCClient:
             oldpass = "__NONE__"
     
         try:
-            result = server.modifyPassword(uid,oldpass,newpass)
+            result = server.modifyPassword(principal,oldpass,newpass)
         except xmlrpclib.Fault, fault:
             raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
         except socket.error, (value, msg):