diff options
author | Simo Sorce <ssorce@redhat.com> | 2007-08-30 19:42:39 -0400 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2007-08-30 19:42:39 -0400 |
commit | de96b9a9da7d9bd27161058ce81c194350a1f359 (patch) | |
tree | 02cb20ed6ac0098d1e8ca75f46131332e4510609 /ipa-server/xmlrpc-server | |
parent | 12b46527c69fcf137962d62fc4062aba73c6225b (diff) | |
parent | 09621f13191e86e6473f9093db88e41c4ec76db6 (diff) | |
download | freeipa-de96b9a9da7d9bd27161058ce81c194350a1f359.tar.gz freeipa-de96b9a9da7d9bd27161058ce81c194350a1f359.tar.xz freeipa-de96b9a9da7d9bd27161058ce81c194350a1f359.zip |
Megre in form upstream
Diffstat (limited to 'ipa-server/xmlrpc-server')
-rw-r--r-- | ipa-server/xmlrpc-server/funcs.py | 111 | ||||
-rw-r--r-- | ipa-server/xmlrpc-server/ipaxmlrpc.py | 3 |
2 files changed, 101 insertions, 13 deletions
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py index 23576b358..8601bbf8a 100644 --- a/ipa-server/xmlrpc-server/funcs.py +++ b/ipa-server/xmlrpc-server/funcs.py @@ -372,9 +372,8 @@ class IPAServer: return users def find_users (self, criteria, sattrs=None, opts=None): - """Return a list containing a User object for each - existing user that matches the criteria. - """ + """Returns a list: counter followed by the results. + If the results are truncated, counter will be set to -1.""" global _LDAPPool if opts: @@ -385,7 +384,7 @@ class IPAServer: # Assume the list of fields to search will come from a central # configuration repository. A good format for that would be # a comma-separated list of fields - search_fields_conf_str = "uid,givenName,sn,telephoneNumber" + search_fields_conf_str = "uid,givenName,sn,telephoneNumber,ou,carLicense,title" search_fields = string.split(search_fields_conf_str, ",") criteria = self.__safe_filter(criteria) @@ -400,25 +399,36 @@ class IPAServer: m1 = _LDAPPool.getConn(self.host,self.port,self.bindca,self.bindcert,self.bindkey,dn) try: try: - exact_results = m1.getList(self.basedn, self.scope, + exact_results = m1.getListAsync(self.basedn, self.scope, exact_match_filter, sattrs) except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND): - exact_results = [] + exact_results = [0] try: - partial_results = m1.getList(self.basedn, self.scope, + partial_results = m1.getListAsync(self.basedn, self.scope, partial_match_filter, sattrs) except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND): - partial_results = [] + partial_results = [0] finally: _LDAPPool.releaseConn(m1) + exact_counter = exact_results[0] + partial_counter = partial_results[0] + + exact_results = exact_results[1:] + partial_results = partial_results[1:] + # Remove exact matches from the partial_match list exact_dns = set(map(lambda e: e.dn, exact_results)) partial_results = filter(lambda e: e.dn not in exact_dns, partial_results) - users = [] + if (exact_counter == -1) or (partial_counter == -1): + counter = -1 + else: + counter = len(exact_results) + len(partial_results) + + users = [counter] for u in exact_results + partial_results: users.append(self.convert_entry(u)) @@ -466,6 +476,29 @@ class IPAServer: _LDAPPool.releaseConn(m1) return res + def delete_user (self, uid, opts=None): + """Delete a user. Not to be confused with inactivate_user. This + makes the entry go away completely. + + uid is the uid of the user to delete + + The memberOf plugin handles removing the user from any other + groups. + """ + if opts: + self.set_principal(opts['remoteuser']) + + dn = self.get_dn_from_principal(self.princ) + + user_dn = self.get_user_by_uid(uid, ['dn', 'uid', 'objectclass'], opts) + if user_dn is None: + raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND) + + m1 = _LDAPPool.getConn(self.host,self.port,self.bindca,self.bindcert,self.bindkey,dn) + res = m1.deleteEntry(user_dn['dn']) + _LDAPPool.releaseConn(m1) + return res + # Group support def __is_group_unique(self, cn, opts): @@ -473,11 +506,10 @@ class IPAServer: cn = self.__safe_filter(cn) filter = "(&(cn=%s)(objectclass=posixGroup))" % cn - entry = self.__get_entry(self.basedn, filter, ['dn','cn'], opts) - - if entry is not None: + try: + entry = self.__get_entry(self.basedn, filter, ['dn','cn'], opts) return 0 - else: + except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND): return 1 def get_group_by_cn (self, cn, sattrs=None, opts=None): @@ -681,6 +713,59 @@ class IPAServer: """Update a group in LDAP""" return self.__update_entry(oldgroup, newgroup, opts) + def delete_group (self, group_cn, opts=None): + """Delete a group + group_cn is the cn of the group to delete + + The memberOf plugin handles removing the group from any other + groups. + """ + if opts: + self.set_principal(opts['remoteuser']) + + dn = self.get_dn_from_principal(self.princ) + + group = self.get_group_by_cn(group_cn, ['dn', 'cn'], opts) + + if len(group) != 1: + raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND) + + m1 = _LDAPPool.getConn(self.host,self.port,self.bindca,self.bindcert,self.bindkey,dn) + res = m1.deleteEntry(group[0]['dn']) + _LDAPPool.releaseConn(m1) + return res + + def add_group_to_group(self, group, tgroup, opts=None): + """Add a user to an existing group. + group is a cn of the group to add + tgroup is the cn of the group to be added to + """ + + if opts: + self.set_principal(opts['remoteuser']) + + old_group = self.get_group_by_cn(tgroup, None, opts) + if old_group is None: + raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND) + new_group = copy.deepcopy(old_group) + + group_dn = self.get_group_by_cn(group, ['dn', 'cn', 'objectclass'], opts) + if group_dn is None: + raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND) + + if new_group.get('uniquemember') is not None: + if ((isinstance(new_group.get('uniquemember'), str)) or (isinstance(new_group.get('uniquemember'), unicode))): + new_group['uniquemember'] = [new_group['uniquemember']] + new_group['uniquemember'].append(group_dn['dn']) + else: + new_group['uniquemember'] = group_dn['dn'] + + try: + ret = self.__update_entry(old_group, new_group, opts) + except ipaerror.exception_for(ipaerror.LDAP_EMPTY_MODLIST): + raise + return ret + def ldap_search_escape(match): """Escapes out nasty characters from the ldap search. See RFC 2254.""" diff --git a/ipa-server/xmlrpc-server/ipaxmlrpc.py b/ipa-server/xmlrpc-server/ipaxmlrpc.py index 16ced2cda..5dc60b51b 100644 --- a/ipa-server/xmlrpc-server/ipaxmlrpc.py +++ b/ipa-server/xmlrpc-server/ipaxmlrpc.py @@ -300,6 +300,7 @@ def handler(req, profiling=False): h.register_function(f.get_all_users) h.register_function(f.find_users) h.register_function(f.update_user) + h.register_function(f.delete_user) h.register_function(f.mark_user_deleted) h.register_function(f.get_group_by_cn) h.register_function(f.get_group_by_dn) @@ -307,9 +308,11 @@ def handler(req, profiling=False): h.register_function(f.find_groups) h.register_function(f.add_user_to_group) h.register_function(f.add_users_to_group) + h.register_function(f.add_group_to_group) h.register_function(f.remove_user_from_group) h.register_function(f.remove_users_from_group) h.register_function(f.update_group) + h.register_function(f.delete_group) h.handle_request(req) finally: pass |