diff options
| author | Tomas Babej <tbabej@redhat.com> | 2014-09-11 13:08:06 +0200 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2014-09-30 10:42:06 +0200 |
| commit | 961790e20a102b6e70a4b83cccd99d1bf24c499e (patch) | |
| tree | 5cb61c5fbde882a0f82eceac57e0b27b2deefe9c /ipalib/plugins/idviews.py | |
| parent | c6d50c456f6984eb6cb5392cdda6fab151fbbf65 (diff) | |
| download | freeipa-961790e20a102b6e70a4b83cccd99d1bf24c499e.tar.gz freeipa-961790e20a102b6e70a4b83cccd99d1bf24c499e.tar.xz freeipa-961790e20a102b6e70a4b83cccd99d1bf24c499e.zip | |
idviews: Change format of IPA anchor to include domain
The old format of the IPA anchor, :IPA:<object_uuid> does not contain for the actual domain
of the object. Once IPA-IPA trusts are introduced, we will need this information to be kept
to be able to resolve the anchor.
Change the IPA anchor format to :IPA:<domain>:<object_uuid>
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'ipalib/plugins/idviews.py')
| -rw-r--r-- | ipalib/plugins/idviews.py | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/ipalib/plugins/idviews.py b/ipalib/plugins/idviews.py index a8e41c70d..098e71b2f 100644 --- a/ipalib/plugins/idviews.py +++ b/ipalib/plugins/idviews.py @@ -419,7 +419,13 @@ class baseidoverride(LDAPObject): try: entry = self.backend.get_entry(api.Object[obj_type].get_dn(obj), attrs_list=['ipaUniqueID']) - return IPA_ANCHOR_PREFIX + entry.single_value.get('ipaUniqueID') + + # The domain prefix, this will need to be reworked once we + # introduce IPA-IPA trusts + domain = api.env.domain + uuid = entry.single_value.get('ipaUniqueID') + + return "%s%s:%s" % (IPA_ANCHOR_PREFIX, domain, uuid) except errors.NotFound: pass @@ -428,6 +434,9 @@ class baseidoverride(LDAPObject): domain_validator = ipaserver.dcerpc.DomainValidator(api) if domain_validator.is_configured(): sid = domain_validator.get_trusted_domain_object_sid(obj) + + # There is no domain prefix since SID contains information + # about the domain return SID_ANCHOR_PREFIX + sid def resolve_anchor_to_object_name(self, anchor): @@ -435,7 +444,10 @@ class baseidoverride(LDAPObject): # Prepare search parameters accounts_dn = DN(api.env.container_accounts, api.env.basedn) - uuid = anchor.split(IPA_ANCHOR_PREFIX)[1].strip() + + # Anchor of the form :IPA:<domain>:<uuid> + # Strip the IPA prefix and the domain prefix + uuid = anchor.rpartition(':')[-1].strip() objectclass, name_attr = ( ('posixaccount', 'uid') |