authorRob Crittenden <rcritten@redhat.com>2012-02-29 13:31:20 -0500
committerRob Crittenden <rcritten@redhat.com>2012-02-29 18:00:45 -0500
commit0099ccbea829203a14013255aa0a4058d4d58a36 (patch)
tree7efbbaec8e7b030dd20fa9ac9bfde5ff268aa7f8 /ipalib/plugins
parent87901ed7098dff72e4a62dfe582c2b83439b7280 (diff)
Only apply validation rules when adding and updating.
There may be cases, for whatever reason, that an otherwise illegal entry gets created that doesn't match the criteria for a valid user/host/group name. If this happens (i.e. migration) there is no way to remove this using the IPA tools because we always applied the name pattern. So you can't, for example, delete a user with an illegal name. Primary keys are cloned with query=True in PKQuery which causes no rules to be applied on mod/show/find. This reverts a change from commit 3a5e26a0 which applies class rules when query=True (for enforcing no white space). Replace rdnattr with rdn_is_primary_key. This was meant to tell us when an RDN change was necessary to do a rename. There could be a disconnect where the rdnattr wasn't the primary key and in that case we don't need to do an RDN change, so use a boolean instead so that it is clear that RDN == primary key. Add a test to ensure that nowhitespace is actually enforced. https://fedorahosted.org/freeipa/ticket/2115 Related: https://fedorahosted.org/freeipa/ticket/2089 Whitespace tickets: https://fedorahosted.org/freeipa/ticket/1285 https://fedorahosted.org/freeipa/ticket/1286 https://fedorahosted.org/freeipa/ticket/1287
Diffstat (limited to 'ipalib/plugins')
-rw-r--r--ipalib/plugins/automount.py2
-rw-r--r--ipalib/plugins/baseldap.py21
-rw-r--r--ipalib/plugins/group.py2
-rw-r--r--ipalib/plugins/permission.py2
-rw-r--r--ipalib/plugins/privilege.py2
-rw-r--r--ipalib/plugins/role.py2
-rw-r--r--ipalib/plugins/user.py2
7 files changed, 17 insertions, 16 deletions
diff --git a/ipalib/plugins/automount.py b/ipalib/plugins/automount.py
index 8d743d75b..31c143d84 100644
--- a/ipalib/plugins/automount.py
+++ b/ipalib/plugins/automount.py
@@ -645,7 +645,7 @@ class automountkey(LDAPObject):
default_attributes = [
'automountkey', 'automountinformation', 'description'
]
- rdnattr = 'description'
+ rdn_is_primary_key = True
rdn_separator = ' '
takes_params = (
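Review bot: For automountkey the rename attribute used to be named explicitly (`rdnattr = 'description'`) and is now derived from `self.obj.primary_key.name`, so this line is only equivalent if the parameter flagged as primary key in `takes_params` is `description`. That tuple opens on the last line of the hunk and its contents are not visible here. A comment such as `# RDN is the 'description' primary key; a rename rewrites that attribute` would keep a later primary-key change from silently altering which attribute a rename rewrites. The same assumption sits behind the `cn`/`uid` replacements in group.py, permission.py, privilege.py, role.py and user.py.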
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 725704ee0..2664160fa 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -429,7 +429,7 @@ class LDAPObject(Object):
rdn_attribute = ''
uuid_attribute = ''
attribute_members = {}
- rdnattr = None
+ rdn_is_primary_key = False # Do we need RDN change to do a rename?
password_attributes = []
# Can bind as this entry (has userPassword or krbPrincipalKey)
bindable = False
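Review bot: The inline comment on `rdn_is_primary_key` is phrased as a question and does not say what `True` means. Something like `# True when the RDN attribute is the primary key, so a rename needs an RDN change` states the contract directly. Removing `rdnattr` without a fallback also means that any LDAPObject subclass outside this diff that still sets `rdnattr` would keep loading but silently lose its rename option, because the stale attribute is simply ignored. If such subclasses can exist, a short note in the class documentation about the replacement would help.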
@@ -1178,7 +1178,7 @@ class LDAPUpdate(LDAPQuery, crud.Update):
has_output_params = global_output_params
def _get_rename_option(self):
- rdnparam = getattr(self.obj.params, self.obj.rdnattr)
+ rdnparam = getattr(self.obj.params, self.obj.primary_key.name)
return rdnparam.clone_rename('rename',
cli_name='rename', required=False, label=_('Rename'),
doc=_('Rename the %(ldap_obj_name)s object') % dict(
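Review bot: `_get_rename_option` now dereferences `self.obj.primary_key.name`, but nothing visible ties `rdn_is_primary_key = True` to the object actually defining a primary key. If `primary_key` can be unset for some LDAPObject, this fails with an opaque AttributeError while options are being built instead of a clear plugin-definition error. A guard such as `assert self.obj.primary_key is not None, 'rdn_is_primary_key requires a primary key'` would make the coupling explicit, and the same dereference recurs in the `execute` hunk below. The method body continues past the end of this hunk.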
@@ -1189,7 +1189,7 @@ class LDAPUpdate(LDAPQuery, crud.Update):
def get_options(self):
for option in super(LDAPUpdate, self).get_options():
yield option
- if self.obj.rdnattr:
+ if self.obj.rdn_is_primary_key:
yield self._get_rename_option()
def execute(self, *keys, **options):
@@ -1229,18 +1229,19 @@ class LDAPUpdate(LDAPQuery, crud.Update):
rdnupdate = False
try:
- if self.obj.rdnattr and 'rename' in options:
+ if self.obj.rdn_is_primary_key and 'rename' in options:
if not options['rename']:
raise errors.ValidationError(name='rename', error=u'can\'t be empty')
- entry_attrs[self.obj.rdnattr] = options['rename']
+ entry_attrs[self.obj.primary_key.name] = options['rename']
- if self.obj.rdnattr and self.obj.rdnattr in entry_attrs:
+ if self.obj.rdn_is_primary_key and self.obj.primary_key.name in entry_attrs:
# RDN change
- ldap.update_entry_rdn(dn, unicode('%s=%s' % (self.obj.rdnattr,
- entry_attrs[self.obj.rdnattr])))
- rdnkeys = keys[:-1] + (entry_attrs[self.obj.rdnattr], )
+ ldap.update_entry_rdn(dn,
+ unicode('%s=%s' % (self.obj.primary_key.name,
+ entry_attrs[self.obj.primary_key.name])))
+ rdnkeys = keys[:-1] + (entry_attrs[self.obj.primary_key.name], )
dn = self.obj.get_dn(*rdnkeys)
- del entry_attrs[self.obj.rdnattr]
+ del entry_attrs[self.obj.primary_key.name]
options['rdnupdate'] = True
rdnupdate = True
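Review bot: The new RDN is still assembled with `'%s=%s' %` from the caller-supplied `rename` value, and the only check in this hunk is the empty-string test. A value containing DN metacharacters (`,`, `+`, `=`, `\`) therefore reaches `update_entry_rdn` unescaped unless that method or the parameter's validation rules handle it, and neither is visible here. Consider escaping the value before formatting, e.g. python-ldap's `escape_dn_chars(entry_attrs[pkey])` from `ldap.dn`, or add a comment stating which layer guarantees a well-formed RDN. Binding `pkey = self.obj.primary_key.name` once at the top of the `try` would also replace the five repeated lookups. `execute` starts before this hunk and continues after it.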
diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py
index b101d1285..096cb9eae 100644
--- a/ipalib/plugins/group.py
+++ b/ipalib/plugins/group.py
@@ -95,7 +95,7 @@ class group(LDAPObject):
'memberofindirect': ['group', 'netgroup', 'role', 'hbacrule',
'sudorule'],
}
- rdnattr = 'cn'
+ rdn_is_primary_key = True
label = _('User Groups')
label_singular = _('User Group')
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index c9fd5649f..ce2536d99 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -144,7 +144,7 @@ class permission(LDAPObject):
attribute_members = {
'member': ['privilege'],
}
- rdnattr='cn'
+ rdn_is_primary_key = True
label = _('Permissions')
label_singular = _('Permission')
diff --git a/ipalib/plugins/privilege.py b/ipalib/plugins/privilege.py
index 53f76512e..53e1de223 100644
--- a/ipalib/plugins/privilege.py
+++ b/ipalib/plugins/privilege.py
@@ -60,7 +60,7 @@ class privilege(LDAPObject):
reverse_members = {
'member': ['permission'],
}
- rdnattr='cn'
+ rdn_is_primary_key = True
label = _('Privileges')
label_singular = _('Privilege')
diff --git a/ipalib/plugins/role.py b/ipalib/plugins/role.py
index ee6ebcdc0..2837c418b 100644
--- a/ipalib/plugins/role.py
+++ b/ipalib/plugins/role.py
@@ -76,7 +76,7 @@ class role(LDAPObject):
reverse_members = {
'member': ['privilege'],
}
- rdnattr='cn'
+ rdn_is_primary_key = True
label = _('Roles')
label_singular = _('Role')
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index d8da3a373..591132d36 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -168,7 +168,7 @@ class user(LDAPObject):
'memberof': ['group', 'netgroup', 'role', 'hbacrule', 'sudorule'],
'memberofindirect': ['group', 'netgroup', 'role', 'hbacrule', 'sudorule'],
}
- rdnattr = 'uid'
+ rdn_is_primary_key = True
bindable = True
password_attributes = [('userpassword', 'has_password'),
('krbprincipalkey', 'has_keytab')]