author | Pavel Zuna <pzuna@redhat.com> | 2009-05-11 15:49:07 +0200 |
---|---|---|
committer | Jason Gerard DeRose <jderose@redhat.com> | 2009-05-20 16:46:28 -0600 |
commit | a3ae5047f3a5492fcac48638e1150ee3348f34e8 (patch) | |
tree | 89bab4eba5cf4ee163f5fcab6fdd91efd060b335 /ipalib/plugins/group2.py | |
parent | 3a4828b3725df229634a06b73de9d55b0ad8b972 (diff) | |
Add group plugin port to new LDAP backend.
Diffstat (limited to 'ipalib/plugins/group2.py')
-rw-r--r-- | ipalib/plugins/group2.py | 207 |
1 files changed, 207 insertions, 0 deletions
diff --git a/ipalib/plugins/group2.py b/ipalib/plugins/group2.py
new file mode 100644
index 000000000..b3b0917fc
--- /dev/null
+++ b/ipalib/plugins/group2.py
@@ -0,0 +1,207 @@
+# Authors:
+# Rob Crittenden <rcritten@redhat.com>
+# Pavel Zuna <pzuna@redhat.com>
+#
+# Copyright (C) 2009 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+"""
+Groups of users.
+"""
+
+from ipalib import api
+from ipalib.plugins.basegroup2 import *
+
+_container_dn = api.env.container_group
+_default_attributes = ['cn', 'description', 'gidNumber', 'member', 'memberOf']
+_default_class = 'ipaUserGroup'
+
+class group2(basegroup2):
+ """
+ Group object.
+ """
+ container = _container_dn
+
+ takes_params = basegroup2.takes_params + (
+ Int('gidnumber?',
+ cli_name='gid',
+ doc='GID (use this option to set it manually)',
+ ),
+ )
+
+api.register(group2)
+
+
+class group2_create(basegroup2_create):
+ """
+ Create new group.
+ """
+ takes_options = (
+ Flag('posix',
+ cli_name='posix',
+ doc='create as posix group?',
+ ),
+ )
+
+ def execute(self, cn, **kw):
+ """
+ Execute the group-add operation.
+
+ The dn should not be passed as a keyword argument as it is constructed
+ by this method.
+
+ Returns the entry as it will be created in LDAP.
+
+ No need to explicitly set gidNumber. The dna_plugin will do this
+ for us if the value isn't provided by the caller.
+
+ :param cn: The name of the group being added.
+ :param kw: Keyword arguments for the other LDAP attributes.
+ """
+ assert 'cn' not in kw
+ assert 'dn' not in kw
+ assert self.api.env.use_ldap2, 'use_ldap2 is False'
+ ldap = self.api.Backend.ldap2
+
+ config = ldap.get_ipa_config()[1]
+
+ kw['objectclass'] = config.get('ipaGroupObjectClasses')
+ if kw['posix'] or 'gidnumber' in kw:
+ kw['objectclass'].append('posixGroup')
+
+ return super(group2_create, self).execute(cn, **kw)
+
+api.register(group2_create)
+
+
+class group2_delete(basegroup2_delete):
+ """
+ Delete group.
+ """
+ container = _container_dn
+ filter_class = _default_class
+
+ def execute(self, cn, **kw):
+ """
+ Delete a group
+
+ The memberOf plugin handles removing the group from any other
+ groups.
+
+ :param cn: The name of the group being removed
+ :param kw: Unused
+ """
+ assert self.api.env.use_ldap2, 'use_ldap2 is False'
+ ldap = self.api.Backend.ldap2
+ dn = get_dn_by_attr(ldap, 'cn', cn, self.filter_class, self.container)
+
+ # Don't allow the default user group to be removed
+ try:
+ config = ldap.get_ipa_config()[1]
+ def_group_cn = config.get('ipaDefaultPrimaryGroup')
+ def_group_dn = get_dn_by_attr(
+ ldap, 'cn', def_group_cn, self.filter_class, self.container
+ )
+ if dn == def_group_dn:
+ raise errors.DefaultGroup()
+ except errors.NotFound:
+ pass
+
+ return super(group2_delete, self).execute(cn, **kw)
+
+api.register(group2_delete)
+
+
+class group2_mod(basegroup2_mod):
+ """
+ Modify group.
+ """
+ container = _container_dn
+ filter_class = _default_class
+
+ takes_options = (
+ Flag('posix',
+ cli_name='posix',
+ doc='change to posix group',
+ ),
+ )
+ def execute(self, cn, **kw):
+ """
+ Execute the group-mod operation.
+
+ The dn should not be passed as a keyword argument as it is constructed
+ by this method.
+
+ Returns the entry
+
+ :param cn: The name of the group to update.
+ :param kw: Keyword arguments for the other LDAP attributes.
+ """
+ assert 'cn' not in kw
+ assert 'dn' not in kw
+ assert self.api.env.use_ldap2, 'use_ldap2 is False'
+ ldap = self.api.Backend.ldap2
+
+ if kw['posix'] or 'gidnumber' in kw:
+ dn = get_dn_by_attr(ldap, 'cn', cn, self.filter_class, self.container)
+ (dn, entry_attrs) = ldap.get_entry(dn, ['objectClass'])
+ if kw['posix'] and 'posixGroup' in entry_attrs['objectClass']:
+ raise errors.AlreadyPosixGroup()
+ else:
+ entry_attrs['objectClass'].append('posixGroup')
+ kw['objectclass'] = entry_attrs['objectClass']
+
+ return super(group2_mod, self).execute(cn, **kw)
+
+api.register(group2_mod)
+
+
+class group2_find(basegroup2_find):
+ """
+ Search for groups.
+ """
+ default_attributes = _default_attributes
+ container = _container_dn
+ filter_class = _default_class
+
+api.register(group2_find)
+
+
+class group2_show(basegroup2_show):
+ """
+ Display group.
+ """
+ default_attributes = _default_attributes
+ container = _container_dn
+
+api.register(group2_show)
+
+
+class group2_add_member(basegroup2_add_member):
+ """
+ Add member to group.
+ """
+ container = _container_dn
+
+api.register(group2_add_member)
+
+
+class group2_del_member(basegroup2_del_member):
+ 'Remove a member from a group.'
+ container = _container_dn
+
+api.register(group2_del_member)
+
|
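Review bot: In group2_mod.execute, a call that passes `gidnumber` without `posix` on a group that already carries `posixGroup` falls into the `else:` branch and appends a second `posixGroup` value, because the `if` only raises when `kw['posix']` is set. Testing for the object class first and raising only inside that branch avoids sending a duplicate objectClass value to the directory; the nesting shown below is inferred, since the page lost the file's indentation. The `in` test is also case-sensitive while LDAP objectClass values are not, so comparing lower-cased values may be needed unless ldap2 already normalises them, which is not visible here. group2_create.execute has a related problem: it appends to the list returned by `config.get('ipaGroupObjectClasses')` in place, which would leak `posixGroup` into later non-posix creations if `get_ipa_config()` hands back a cached object, and raises AttributeError if the key is absent; copying first with `list(config.get('ipaGroupObjectClasses') or [])` avoids both.

```python
# … unchanged: asserts, ldap backend lookup, get_dn_by_attr call …
(dn, entry_attrs) = ldap.get_entry(dn, ['objectClass'])
if 'posixGroup' in entry_attrs['objectClass']:
    # Already posix: only an explicit --posix request is an error;
    # a plain gidnumber change must not add the class again.
    if kw['posix']:
        raise errors.AlreadyPosixGroup()
else:
    kw['objectclass'] = list(entry_attrs['objectClass']) + ['posixGroup']
# … unchanged: return super(group2_mod, self).execute(cn, **kw) …
```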