authorRob Crittenden <rcritten@redhat.com>2012-08-01 16:14:11 +0200
committerMartin Kosek <mkosek@redhat.com>2012-08-01 16:15:51 +0200
commitfb817d340139822d17414da93853be5bc3bf6086 (patch)
tree4f086f792a9e776b71e36fcc5c693e3df1e687a2 /ipalib/plugins/service.py
parentfd31396d5129b1980d3ce979af7239f16d3f6fc5 (diff)
Add per-service option to store the types of PAC it supports
Create a per-service default as well. https://fedorahosted.org/freeipa/ticket/2184
Diffstat (limited to 'ipalib/plugins/service.py')
-rw-r--r--ipalib/plugins/service.py23
1 files changed, 18 insertions, 5 deletions
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index 60035bf6d..4f3051aa4 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -23,7 +23,7 @@ import base64
import os
from ipalib import api, errors, util
-from ipalib import Str, Flag, Bytes
+from ipalib import Str, Flag, Bytes, StrEnum
from ipalib.plugins.baseldap import *
from ipalib import x509
from ipalib import _, ngettext
@@ -223,8 +223,9 @@ class service(LDAPObject):
'krbprincipal', 'krbprincipalaux', 'krbticketpolicyaux', 'ipaobject',
'ipaservice', 'pkiuser', 'ipakrbprincipal'
]
- search_attributes = ['krbprincipalname', 'managedby']
- default_attributes = ['krbprincipalname', 'usercertificate', 'managedby']
+ search_attributes = ['krbprincipalname', 'managedby', 'ipakrbauthzdata']
+ default_attributes = ['krbprincipalname', 'usercertificate', 'managedby',
+ 'ipakrbauthzdata',]
uuid_attribute = 'ipauniqueid'
attribute_members = {
'managedby': ['host'],
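Review bot: Adding `'ipakrbauthzdata'` to `search_attributes` looks unintended. If that list feeds the free-text criteria filter of the find command, as it appears to for the other entries, a short criteria string such as `PA` would now match every service that carries `PAD` or `MS-PAC`. The new parameter is not flagged `no_search`, so filtering by PAC type should already be possible through its own option. Consider leaving `search_attributes = ['krbprincipalname', 'managedby']` and keeping the attribute only in `default_attributes`. The class body continues outside the hunk.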
@@ -251,7 +252,14 @@ class service(LDAPObject):
label=_('Certificate'),
doc=_('Base-64 encoded server certificate'),
flags=['no_search',],
- )
+ ),
+ StrEnum('ipakrbauthzdata*',
+ cli_name='pac_type',
+ label=_('PAC type'),
+ doc=_('Types of PAC this service supports'),
+ values=(u'MS-PAC', u'PAD'),
+ csv=True,
+ ),
)
api.register(service)
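Review bot: The `values=(u'MS-PAC', u'PAD')` enum offers no way to request a service with no PAC type, and `service_add` in the last hunk of this file fills in the configured default whenever the option is absent. Once a global default is set, an administrator creating a service that must not receive that authorization data has to add it and then clear the attribute in a second step, assuming the mod command permits that. Either accept an explicit opt-out value here and skip the default for it, or state the behaviour in the help text, e.g. `doc=_('Types of PAC this service supports; the global default is used when omitted')`. The `takes_params` tuple starts outside the hunk.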
@@ -291,7 +299,12 @@ class service_add(LDAPCreate):
# don't exist in DNS.
util.validate_host_dns(self.log, hostname)
if not 'managedby' in entry_attrs:
- entry_attrs['managedby'] = hostresult['dn']
+ entry_attrs['managedby'] = hostresult['dn']
+ if 'ipakrbauthzdata' not in entry_attrs:
+ config = ldap.get_ipa_config()[1]
+ default_pac_type = config.get('ipakrbauthzdata', [])
+ if default_pac_type:
+ entry_attrs['ipakrbauthzdata'] = default_pac_type
# Enforce ipaKrbPrincipalAlias to aid case-insensitive searches
# as krbPrincipalName/krbCanonicalName are case-sensitive in Kerberos
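Review bot: The configured default is copied into the new entry by `entry_attrs['ipakrbauthzdata'] = default_pac_type`, so it is fixed at creation time and a later change to the global default will not reach existing services. If the consumer of this attribute treats a per-service value as an override, which the hunk does not show, tightening the global setting would silently leave older services on the previous types. That deserves a comment above the block, such as `# Snapshot the global default PAC types; later config changes do not update this entry.` As a style point, the context line `if not 'managedby' in entry_attrs:` and the new `not in` test are worth aligning on `if 'managedby' not in entry_attrs:`. The enclosing method begins and ends outside the hunk.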