author | Rob Crittenden <rcritten@redhat.com> | 2007-11-16 12:59:32 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2007-11-16 12:59:32 -0500 |
commit | 1967aafa3985fa87e02ae372164abe2524d9bd65 (patch) | |
tree | bfe6d2a5e39d60f5d3b7138bba281dbc770ee5ba /ipa-server/ipa-gui/ipagui/subcontrollers/ipapolicy.py | |
parent | 0a3ed697465db8179a15f3b64160d8d545710698 (diff) | |
Implement the password policy UI and finish IPA policy UI
This includes a default password policy
Custom fields are now read from LDAP. The format is a list of
dicts with keys: label, field, required.
The LDAP-based configuration now specifies:
ipaUserSearchFields: uid,givenName,sn,telephoneNumber,ou,title
ipaGroupSearchFields: cn,description
ipaSearchTimeLimit: 2
ipaSearchRecordsLimit: 0
ipaCustomFields:
ipaHomesRootDir: /home
ipaDefaultLoginShell: /bin/sh
ipaDefaultPrimaryGroup: ipausers
ipaMaxUsernameLength: 8
ipaPwdExpAdvNotify: 4
This could use some optimization.
Diffstat (limited to 'ipa-server/ipa-gui/ipagui/subcontrollers/ipapolicy.py')
-rw-r--r-- | ipa-server/ipa-gui/ipagui/subcontrollers/ipapolicy.py | 113 |
1 files changed, 89 insertions, 24 deletions
diff --git a/ipa-server/ipa-gui/ipagui/subcontrollers/ipapolicy.py b/ipa-server/ipa-gui/ipagui/subcontrollers/ipapolicy.py index 5d9024275..781ca35d4 100644 --- a/ipa-server/ipa-gui/ipagui/subcontrollers/ipapolicy.py +++ b/ipa-server/ipa-gui/ipagui/subcontrollers/ipapolicy.py @@ -15,6 +15,7 @@ from turbogears import identity from ipacontroller import IPAController from ipa.entity import utf8_encode_values from ipa import ipaerror +import ipa.entity import ipagui.forms.ipapolicy import ldap.dn @@ -34,16 +35,14 @@ class IPAPolicyController(IPAController): @identity.require(identity.in_group("admins")) def show(self, tg_errors=None): """Displays the one policy page""" + client = self.get_ipaclient() + config = client.get_ipa_config() + ipapolicy = config.toDict() + + ppolicy = client.get_password_policy() + password = ppolicy.toDict() - # TODO: Get this dict from LDAP - ipapolicy = {} - ipapolicy['searchlimit'] = 2 - ipapolicy['maxuidlength'] = 3 - ipapolicy['passwordnotif'] = 4 - ipapolicy['homedir'] = "/home" - ipapolicy['defaultgroup'] = "ipausers" - ipapolicy['defaultshell'] = "/bin/bash" - return dict(ipapolicy=ipapolicy,fields=ipagui.forms.ipapolicy.IPAPolicyFields()) + return dict(ipapolicy=ipapolicy,password=password,fields=ipagui.forms.ipapolicy.IPAPolicyFields()) @expose("ipagui.templates.ipapolicyedit") @identity.require(identity.in_group("admins")) 
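Review bot: The new `client.get_ipa_config()` and `client.get_password_policy()` calls in `show` run outside any `try`, while the same two calls in `edit` (next hunk) sit under `except ipaerror.IPAError`. A directory lookup failure on the read-only page would therefore surface as an unhandled exception rather than a flash message, unless something outside the hunk catches it. Consider wrapping them the same way, e.g. `except ipaerror.IPAError, e:` followed by `turbogears.flash("IPA Policy show failed: " + str(e))`. The first hunk on this line only adds `import ipa.entity` and needs no comment.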
@@ -54,18 +53,28 @@ class IPAPolicyController(IPAController): "Please see the messages below for details.") try: - # TODO: Get this dict from LDAP - ipapolicy_dict = {} - ipapolicy_dict['searchlimit'] = 2 - ipapolicy_dict['maxuidlength'] = 3 - ipapolicy_dict['passwordnotif'] = 4 - ipapolicy_dict['homedir'] = "/home" - ipapolicy_dict['defaultgroup'] = "ipausers" - ipapolicy_dict['defaultshell'] = "/bin/bash" + client = self.get_ipaclient() + config = client.get_ipa_config() + ipapolicy_dict = config.toDict() + + ppolicy = client.get_password_policy() + password_dict = ppolicy.toDict() + + # store a copy of the original policy for the update later + ipapolicy_data = b64encode(dumps(ipapolicy_dict)) + ipapolicy_dict['ipapolicy_orig'] = ipapolicy_data + + # store a copy of the original policy for the update later + password_data = b64encode(dumps(password_dict)) + password_dict['password_orig'] = password_data + + # Combine the 2 dicts to make the form easier + ipapolicy_dict.update(password_dict) + return dict(form=ipapolicy_edit_form, ipapolicy=ipapolicy_dict) except ipaerror.IPAError, e: turbogears.flash("IPA Policy edit failed: " + str(e) + "<br/>" + str(e.detail)) - raise turbogears.redirect('/group/show', uid=cn) + raise turbogears.redirect('/ipapolicy/show') @expose() 
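Review bot: Putting `b64encode(dumps(...))` of the policy into the form fields `ipapolicy_orig` and `password_orig` hands the update baseline to the browser, and the update hunk (`@@ -86,16 +95,72 @@`) feeds whatever comes back into `loads(b64decode(...))`. The import of `dumps`/`loads` is outside the hunk; if they are pickle's, that is deserialization of request-controlled bytes inside an authenticated handler, and either way the "original" entry that `update_ipa_config` diffs against is no longer trustworthy. The safer shape is to re-read the baseline on the server in the update path, e.g. `orig_ipapolicy_dict = client.get_ipa_config().toDict()` and `orig_password_dict = client.get_password_policy().toDict()`, and drop the two hidden fields. If the round trip has to stay, the blob needs an integrity check (a keyed MAC verified before decoding) and a data-only format rather than an object serializer. Separately, the flash string joins `str(e)` and `str(e.detail)` with a literal `<br/>`, which suggests the flash is rendered as HTML; if so, the error text should be escaped before concatenation.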
@@ -86,16 +95,72 @@ class IPAPolicyController(IPAController): return dict(form=ipapolicy_edit_form, ipapolicy=kw, tg_template='ipagui.templates.ipapolicyedit') - try: + policy_modified = False + password_modified = False - # TODO: Actually save the data + try: + orig_ipapolicy_dict = loads(b64decode(kw.get('ipapolicy_orig'))) + orig_password_dict = loads(b64decode(kw.get('password_orig'))) + + new_ipapolicy = ipa.entity.Entity(orig_ipapolicy_dict) + new_password = ipa.entity.Entity(orig_password_dict) + + if str(new_ipapolicy.ipasearchtimelimit) != str(kw.get('ipasearchtimelimit')): + policy_modified = True + new_ipapolicy.setValue('ipasearchtimelimit', kw.get('ipasearchtimelimit')) + if str(new_ipapolicy.ipasearchrecordslimit) != str(kw.get('ipasearchrecordslimit')): + policy_modified = True + new_ipapolicy.setValue('ipasearchrecordslimit', kw.get('ipasearchrecordslimit')) + if new_ipapolicy.ipausersearchfields != kw.get('ipausersearchfields'): + policy_modified = True + new_ipapolicy.setValue('ipausersearchfields', kw.get('ipausersearchfields')) + if new_ipapolicy.ipagroupsearchfields != kw.get('ipagroupsearchfields'): + policy_modified = True + new_ipapolicy.setValue('ipagroupsearchfields', kw.get('ipagroupsearchfields')) + if str(new_ipapolicy.ipapwdexpadvnotify) != str(kw.get('ipapwdexpadvnotify')): + policy_modified = True + new_ipapolicy.setValue('ipapwdexpadvnotify', kw.get('ipapwdexpadvnotify')) + if str(new_ipapolicy.ipamaxusernamelength) != str(kw.get('ipamaxusernamelength')): + policy_modified = True + new_ipapolicy.setValue('ipamaxusernamelength', kw.get('ipamaxusernamelength')) + if new_ipapolicy.ipahomesrootdir != kw.get('ipahomesrootdir'): + policy_modified = True + new_ipapolicy.setValue('ipahomesrootdir', kw.get('ipahomesrootdir')) + if new_ipapolicy.ipadefaultloginshell != kw.get('ipadefaultloginshell'): + policy_modified = True + new_ipapolicy.setValue('ipadefaultloginshell', kw.get('ipadefaultloginshell')) + if 
new_ipapolicy.ipadefaultprimarygroup != kw.get('ipadefaultprimarygroup'): + policy_modified = True + new_ipapolicy.setValue('ipadefaultprimarygroup', kw.get('ipadefaultprimarygroup')) + + if policy_modified: + rv = client.update_ipa_config(new_ipapolicy) + + # Now check the password policy for updates + if str(new_password.krbmaxpwdlife) != str(kw.get('krbmaxpwdlife')): + password_modified = True + new_password.setValue('krbmaxpwdlife', str(kw.get('krbmaxpwdlife'))) + if str(new_password.krbminpwdlife) != str(kw.get('krbminpwdlife')): + password_modified = True + new_password.setValue('krbminpwdlife', str(kw.get('krbminpwdlife'))) + if str(new_password.krbpwdhistorylength) != str(kw.get('krbpwdhistorylength')): + password_modified = True + new_password.setValue('krbpwdhistorylength', str(kw.get('krbpwdhistorylength'))) + if str(new_password.krbpwdmindiffchars) != str(kw.get('krbpwdmindiffchars')): + password_modified = True + new_password.setValue('krbpwdmindiffchars', str(kw.get('krbpwdmindiffchars'))) + if str(new_password.krbpwdminlength) != str(kw.get('krbpwdminlength')): + password_modified = True + new_password.setValue('krbpwdminlength', str(kw.get('krbpwdminlength'))) + if password_modified: + rv = client.update_password_policy(new_password) turbogears.flash("IPA Policy updated") raise turbogears.redirect('/ipapolicy/show') - except (SyntaxError, ipaerror.IPAError), e: - turbogears.flash("Policy update failed: " + str(e)) - return dict(form=policy_form, policy=kw, - tg_template='ipagui.templates.policyindex') + except ipaerror.IPAError, e: + turbogears.flash("Policy update failed: " + str(e) + e.detail[0]['desc']) + return dict(form=ipapolicy_edit_form, ipapolicy=kw, + tg_template='ipagui.templates.ipapolicyedit') @validate(form=ipapolicy_edit_form) @identity.require(identity.not_anonymous()) |
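Review bot: The narrowed `except ipaerror.IPAError` no longer covers the new decoding step. If `ipapolicy_orig` or `password_orig` is absent or malformed, `kw.get(...)` yields `None` or junk and `b64decode`/`loads` raise something other than `IPAError`, so the request ends in an unhandled error instead of re-rendering the form. The handler also indexes `e.detail[0]['desc']`, which will itself raise if `detail` is empty or not a list of dicts; the edit hunk uses `str(e.detail)`, and the same form is safer here: `turbogears.flash("Policy update failed: " + str(e) + " " + str(e.detail))`. Finally, `client.update_ipa_config(...)` and `client.update_password_policy(...)` use `client`, but no assignment is visible in this hunk; the function starts outside it, so please confirm that `client = self.get_ipaclient()` exists earlier in the body and that this method carries the same `identity.in_group("admins")` requirement as `show` and `edit`.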