author | Rob Crittenden <rcritten@redhat.com> | 2007-12-06 00:30:26 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2007-12-06 00:30:26 -0500 |
commit | 6ea3d9610e62322b843b22b6acf531dce384305c (patch) | |
tree | c1f391a3c1e284abbe3686f245be7af36eb6cbf4 /ipa-server | |
parent | ca118de76cb036acb31eae41970b962497d18838 (diff) | |
Utilize user and group objectclass lists in cn=ipaconfig
Change the syntax on user and group objectclasses in cn=ipaconfig
Diffstat (limited to 'ipa-server')
-rw-r--r-- | ipa-server/ipa-install/share/60ipaconfig.ldif | 4 | ||||
-rw-r--r-- | ipa-server/ipa-install/share/bootstrap-template.ldif | 12 | ||||
-rw-r--r-- | ipa-server/xmlrpc-server/funcs.py | 26 |
3 files changed, 36 insertions, 6 deletions
diff --git a/ipa-server/ipa-install/share/60ipaconfig.ldif b/ipa-server/ipa-install/share/60ipaconfig.ldif index b9371e779..552120991 100644 --- a/ipa-server/ipa-install/share/60ipaconfig.ldif +++ b/ipa-server/ipa-install/share/60ipaconfig.ldif @@ -30,9 +30,9 @@ attributetypes: ( 2.16.840.1.113730.3.8.1.9 NAME 'ipaMaxUsernameLength' EQUALITY ## ipaPwdExpAdvNotify - time in days to send out paswword expiration notification before passwpord actually expires attributetypes: ( 2.16.840.1.113730.3.8.1.10 NAME 'ipaPwdExpAdvNotify' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) # ipaUserObjectClasses - required objectclasses for users -attributetypes: ( 2.16.840.1.113730.3.8.1.11 NAME 'ipaUserObjectClasses' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27) +attributetypes: ( 2.16.840.1.113730.3.8.1.11 NAME 'ipaUserObjectClasses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) # ipaGroupObjectClasses - required objectclasses for groups -attributetypes: ( 2.16.840.1.113730.3.8.1.12 NAME 'ipaGroupObjectClasses' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27) +attributetypes: ( 2.16.840.1.113730.3.8.1.12 NAME 'ipaGroupObjectClasses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) ############################################### ## ## ObjectClasses diff --git a/ipa-server/ipa-install/share/bootstrap-template.ldif b/ipa-server/ipa-install/share/bootstrap-template.ldif index fb124a790..3b79dfb62 100644 --- a/ipa-server/ipa-install/share/bootstrap-template.ldif +++ b/ipa-server/ipa-install/share/bootstrap-template.ldif 
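Review bot: The new `ipaUserObjectClasses` and `ipaGroupObjectClasses` definitions drop the EQUALITY rule entirely instead of replacing `integerMatch` with one that fits the Directory String syntax. Without an equality rule, equality filters and delete-by-value modifications on these multi-valued attributes are not well defined, which makes the list harder to audit or tighten later. Object class names are case-insensitive, so `EQUALITY caseIgnoreMatch` before `SYNTAX 1.3.6.1.4.1.1466.115.121.1.15` would be the natural choice. Whether the server falls back to a syntax default is not visible here.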
@@ -123,6 +123,18 @@ ipaDefaultLoginShell: /bin/sh ipaDefaultPrimaryGroup: ipausers ipaMaxUsernameLength: 8 ipaPwdExpAdvNotify: 4 +ipaGroupObjectClasses: top +ipaGroupObjectClasses: groupofnames +ipaGroupObjectClasses: posixGroup +ipaGroupObjectClasses: inetUser +ipaUserObjectClasses: top +ipaUserObjectClasses: person +ipaUserObjectClasses: organizationalPerson +ipaUserObjectClasses: inetOrgPerson +ipaUserObjectClasses: inetUser +ipaUserObjectClasses: posixAccount +ipaUserObjectClasses: krbPrincipalAux +ipaUserObjectClasses: radiusprofile dn: cn=account inactivation,cn=accounts,$SUFFIX changetype: add diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py index 7be75ddc3..d247878e0 100644 --- a/ipa-server/xmlrpc-server/funcs.py +++ b/ipa-server/xmlrpc-server/funcs.py @@ -506,8 +506,7 @@ class IPAServer: del user['gn'] # some required objectclasses - entry.setValues('objectClass', 'top', 'person', 'organizationalPerson', - 'inetOrgPerson', 'inetUser', 'posixAccount', 'krbPrincipalAux', 'radiusprofile') + entry.setValues('objectClass', (config.get('ipauserobjectclasses'))) # fill in our new entry with everything sent by the user for u in user: @@ -719,6 +718,12 @@ class IPAServer: finally: self.releaseConnection(conn) + # Get our configuration + config = self.get_ipa_config(opts) + + # Make sure we have the latest object classes + newentry['objectclass'] = uniq_list(newentry.get('objectclass') + config.get('ipauserobjectclasses')) + try: rv = self.update_entry(oldentry, newentry, opts) return rv 
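Review bot: `config.get('ipauserobjectclasses')` in the @@ -506 hunk is passed to `entry.setValues` without checking that it returned anything, so a cn=ipaconfig entry that lacks the attribute (presumably any install bootstrapped before the template values existed) would yield a user with no objectClass or an error inside setValues. The same applies to `config.get('ipagroupobjectclasses')` in the @@ -878 hunk. The class list now comes from a writable directory entry rather than from code, so whoever may modify cn=ipaconfig decides which classes every new account gets; the add path should fail closed, e.g. `if not config.get('ipauserobjectclasses'):` followed by raising the project's own configuration error before the entry is built. `config` is assigned outside this hunk, and a comment such as `# objectclasses come from cn=ipaconfig; must be non-empty` would help the next reader.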
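Review bot: `newentry.get('objectclass') + config.get('ipauserobjectclasses')` in the @@ -719 hunk assumes both operands are lists. If either is missing, the `+` raises TypeError. If both come back as single strings (how entries are converted is not visible here), the concatenation is a string that `uniq_list` walks character by character, and the update would then write meaningless objectclass values. Normalising both sides first avoids this, e.g. `classes = newentry.get('objectclass') or []` plus wrapping a bare string in a list; the @@ -1226 hunk uses the same expression. The enclosing method starts and ends outside the hunk.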
@@ -878,13 +883,15 @@ class IPAServer: if self.__is_group_unique(group['cn'], opts) == 0: raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE) + # Get our configuration + config = self.get_ipa_config(opts) + dn="cn=%s,%s,%s" % (ldap.dn.escape_dn_chars(group['cn']), group_container,self.basedn) entry = ipaserver.ipaldap.Entry(dn) # some required objectclasses - entry.setValues('objectClass', 'top', 'groupofnames', 'posixGroup', - 'inetUser') + entry.setValues('objectClass', (config.get('ipagroupobjectclasses'))) # No need to explicitly set gidNumber. The dna_plugin will do this # for us if the value isn't provided by the user. @@ -1226,6 +1233,12 @@ class IPAServer: finally: self.releaseConnection(conn) + # Get our configuration + config = self.get_ipa_config(opts) + + # Make sure we have the latest object classes + newentry['objectclass'] = uniq_list(newentry.get('objectclass') + config.get('ipauserobjectclasses')) + try: rv = self.update_entry(oldentry, newentry, opts) return rv @@ -1590,3 +1603,8 @@ def ldap_search_escape(match): return r'\00' else: return value + +def uniq_list(x): + """Return a unique list, preserving order and ignoring case""" + set = {} + return [set.setdefault(e,e) for e in x if e.lower() not in set] |
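Review bot: The @@ -1226 hunk merges `config.get('ipauserobjectclasses')` into the entry, but it follows the group-add hunk and so appears to be the group update path; if so the key should be `ipagroupobjectclasses`. With the user list, a group update would try to add person, posixAccount, krbPrincipalAux and the rest to a group entry, which is either rejected as a schema violation or leaves group entries able to carry account attributes. Suggested line: `newentry['objectclass'] = uniq_list(newentry.get('objectclass') + config.get('ipagroupobjectclasses'))`. The enclosing method is not visible in the hunk, so confirm which entry type it updates.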
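Review bot: `uniq_list` in the @@ -1590 hunk does not do what its docstring says: it tests `e.lower()` for membership but stores `e` itself as the key, so a value containing an uppercase letter is never recognised as already seen. `uniq_list(['posixGroup', 'posixGroup'])` returns both items, so the merged objectclass list handed to the update can still contain duplicates, which directory servers normally reject. Keying the lookup on the lowercased value fixes this, and renaming the local avoids shadowing the builtin `set`.

```python
def uniq_list(x):
    """Return a unique list, preserving order and ignoring case"""
    seen = {}
    result = []
    for e in x:
        key = e.lower()
        if key not in seen:
            seen[key] = e
            result.append(e)
    return result
```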