diff options
| author | Martin Babinsky <mbabinsk@redhat.com> | 2015-08-03 13:36:29 +0200 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2015-08-04 13:57:33 +0200 |
| commit | 3257ac6b876e9e62cae58060c96c525ff0df1ae3 (patch) | |
| tree | b2853932cfb98c6ad80ee87762ec9426c248a712 /ipalib/plugins/user.py | |
| parent | 555229e33e44a200a4035d21da326f568b25946c (diff) | |
| download | freeipa-3257ac6b876e9e62cae58060c96c525ff0df1ae3.tar.gz freeipa-3257ac6b876e9e62cae58060c96c525ff0df1ae3.tar.xz freeipa-3257ac6b876e9e62cae58060c96c525ff0df1ae3.zip | |
store certificates issued for user entries as userCertificate;binary
This patch forces the user management CLI command to store certificates as
userCertificate;binary attribute. The code to retrieve of user information was
modified to enable outputting of userCertificate;binary attribute to the
command line.
The modification also fixes https://fedorahosted.org/freeipa/ticket/5173
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipalib/plugins/user.py')
| -rw-r--r-- | ipalib/plugins/user.py | 21 |
1 files changed, 9 insertions, 12 deletions
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index 0209b29b1..859939205 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -510,6 +510,8 @@ class user_add(baseuser_add): answer = self.api.Object['radiusproxy'].get_dn_if_exists(rcl) entry_attrs['ipatokenradiusconfiglink'] = answer + self.pre_common_callback(ldap, dn, entry_attrs, **options) + return dn def post_callback(self, ldap, dn, entry_attrs, *keys, **options): @@ -557,6 +559,9 @@ class user_add(baseuser_add): convert_sshpubkey_post(ldap, dn, entry_attrs) radius_dn2pk(self.api, entry_attrs) self.obj.get_preserved_attribute(entry_attrs, options) + + self.post_common_callback(ldap, dn, entry_attrs, **options) + return dn @@ -1034,18 +1039,14 @@ class user_add_cert(LDAPAddAttribute): **options): assert isinstance(dn, DN) - new_attr_name = '%s;binary' % self.attribute - if self.attribute in entry_attrs: - entry_attrs[new_attr_name] = entry_attrs.pop(self.attribute) + self.obj.convert_usercertificate_pre(entry_attrs) return dn def post_callback(self, ldap, dn, entry_attrs, *keys, **options): assert isinstance(dn, DN) - old_attr_name = '%s;binary' % self.attribute - if old_attr_name in entry_attrs: - entry_attrs[self.attribute] = entry_attrs.pop(old_attr_name) + self.obj.convert_usercertificate_post(entry_attrs, **options) return dn @@ -1060,17 +1061,13 @@ class user_remove_cert(LDAPRemoveAttribute): **options): assert isinstance(dn, DN) - new_attr_name = '%s;binary' % self.attribute - if self.attribute in entry_attrs: - entry_attrs[new_attr_name] = entry_attrs.pop(self.attribute) + self.obj.convert_usercertificate_pre(entry_attrs) return dn def post_callback(self, ldap, dn, entry_attrs, *keys, **options): assert isinstance(dn, DN) - old_attr_name = '%s;binary' % self.attribute - if old_attr_name in entry_attrs: - entry_attrs[self.attribute] = entry_attrs.pop(old_attr_name) + self.obj.convert_usercertificate_post(entry_attrs, **options) return dn |