Require rid-base and secondary-rid-base in idrange-add after ipa-adtrust-install

Add a new API command 'adtrust_is_enabled', which can be used to determine
whether ipa-adtrust-install has been run on the system. This new command is not
visible in IPA CLI.

Use this command in idrange_add to conditionally require rid-base and
secondary-rid-base options.

Add tests to cover the new functionality

https://fedorahosted.org/freeipa/ticket/3634

1 files changed, 28 insertions, 4 deletions

diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index 5c9360b57..d2b58399f 100644
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -20,12 +20,9 @@
 
 from ipalib.plugins.baseldap import *
 from ipalib.plugins.dns import dns_container_exists
-from ipalib import api, Str, StrEnum, Password, DefaultFrom, _, ngettext, Object
-from ipalib.parameters import Enum
+from ipalib import api, Str, StrEnum, Password, _, ngettext
 from ipalib import Command
 from ipalib import errors
-from ipapython import ipautil
-from ipalib import util
 try:
     import pysss_murmur #pylint: disable=F0401
     _murmur_installed = True
@@ -843,3 +840,30 @@ class trust_resolve(Command):
         return dict(result=result)
 
 api.register(trust_resolve)
+
+
+class adtrust_is_enabled(Command):
+    NO_CLI = True
+
+    __doc__ = _('Determine whether ipa-adtrust-install has been run on this '
+                'system')
+
+    def execute(self, *keys, **options):
+        ldap = self.api.Backend.ldap2
+        adtrust_dn = DN(
+            ('cn', 'ADTRUST'),
+            ('cn', api.env.host),
+            ('cn', 'masters'),
+            ('cn', 'ipa'),
+            ('cn', 'etc'),
+            api.env.basedn
+        )
+
+        try:
+            ldap.get_entry(adtrust_dn)
+        except errors.NotFound:
+            return dict(result=False)
+
+        return dict(result=True)
+
+api.register(adtrust_is_enabled)