author | Ana Krivokapic <akrivoka@redhat.com> | 2013-04-12 15:20:07 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-04-16 15:50:24 +0200 |
commit | a730b6e7b5e4eca754022fd3e0112ef597888c3b (patch) | |
tree | 224bb29ab953d696fe7eb8b9ea106d60c47a3a0f /ipalib | |
parent | e736e75ce9724ae8298a5b69d093313cd6e62b60 (diff) | |
download | freeipa-a730b6e7b5e4eca754022fd3e0112ef597888c3b.tar.gz freeipa-a730b6e7b5e4eca754022fd3e0112ef597888c3b.tar.xz freeipa-a730b6e7b5e4eca754022fd3e0112ef597888c3b.zip |
Integrate realmdomains with IPA DNS
Add an entry to realmdomains when a DNS zone is added to IPA.
Delete the related entry from realmdomains when the DNS zone is deleted
from IPA.
Add _kerberos TXT record to DNS zone when a new realmdomain is added.
Delete _kerberos TXT record from DNS zone when realmdomain is deleted.
Add unit tests to cover new functionality.
https://fedorahosted.org/freeipa/ticket/3544
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/dns.py | 23 | ||||
-rw-r--r-- | ipalib/plugins/realmdomains.py | 50 |
2 files changed, 73 insertions, 0 deletions
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index becec1423..d59df59a2 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -1841,6 +1841,18 @@ class dnszone_add(LDAPCreate): dns_record, nameserver_ip_address) + # Add entry to realmdomains + # except for our own domain, forwarded zones and reverse zones + zone = keys[0] + + if (zone != api.env.domain + and not options.get('idnsforwarders') + and not zone_is_reverse(zone)): + try: + api.Command['realmdomains_mod'](add_domain=zone, force=True) + except errors.EmptyModlist: + pass + return dn api.register(dnszone_add) @@ -1857,6 +1869,17 @@ class dnszone_del(LDAPDelete): force=True) except errors.NotFound: pass + + # Delete entry from realmdomains + # except for our own domain + zone = keys[0] + + if zone != api.env.domain: + try: + api.Command['realmdomains_mod'](del_domain=zone, force=True) + except errors.AttrValueNotFound: + pass + return True api.register(dnszone_del) diff --git a/ipalib/plugins/realmdomains.py b/ipalib/plugins/realmdomains.py index f3dbf8dae..cff193f20 100644 --- a/ipalib/plugins/realmdomains.py +++ b/ipalib/plugins/realmdomains.py @@ -49,6 +49,10 @@ EXAMPLES: """) +def _domain_name_normalizer(d): + return d.lower().rstrip('.') + + class realmdomains(LDAPObject): """ List of domains associated with IPA realm. @@ -64,16 +68,19 @@ class realmdomains(LDAPObject): takes_params = ( Str('associateddomain+', _domain_name_validator, + normalizer=_domain_name_normalizer, cli_name='domain', label=_('Domain'), ), Str('add_domain?', _domain_name_validator, + normalizer=_domain_name_normalizer, cli_name='add_domain', label=_('Add domain'), ), Str('del_domain?', _domain_name_validator, + normalizer=_domain_name_normalizer, cli_name='del_domain', label=_('Delete domain'), ), 
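Review bot: In the `dnszone_add` hunk only `errors.EmptyModlist` is swallowed around `api.Command['realmdomains_mod'](add_domain=zone, force=True)`, so any other failure from that call (a validation or permission error, for instance) is raised just before `return dn`, presumably after the zone entry has already been written. The caller would then see a failed command for a zone that exists, and the realm domain list and DNS would be out of step with nothing recorded about why. The same pattern is in the `dnszone_del` hunk (only `AttrValueNotFound` is caught) and in both loops of `realmdomains_mod.execute`. Consider handling `errors.PublicError` at these call sites by logging it and continuing, and add a comment saying the realmdomains update is best-effort and what `force=True` bypasses, since neither is visible here. The enclosing method begins outside the hunk.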
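Review bot: The own-domain guard in the `dnszone_del` hunk, `if zone != api.env.domain:`, compares the raw `keys[0]`, while `del_domain` is passed through `_domain_name_normalizer` (lower-cased, trailing dot stripped) by this same commit. Unless the zone key is already canonicalised before this point, a name that differs from `api.env.domain` only in case or a trailing dot passes the guard and then normalises to the IPA domain itself, so `realmdomains_mod` is asked, with `force=True`, to drop the server's own domain; whether it refuses is not visible here. Comparing normalised forms closes the gap, e.g. `if zone.lower().rstrip('.') != api.env.domain.lower():`. The same comparison in the `dnszone_add` hunk is affected too, though there the result is presumably only a redundant add.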
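Review bot: `_domain_name_normalizer` uses `rstrip('.')`, which removes every trailing dot, so an input such as `example.com..` (constructed example) becomes `example.com` instead of being rejected, and a bare `.` becomes the empty string. If normalisation runs before `_domain_name_validator`, which I believe is the ipalib order but is not shown on this page, the validator never sees the malformed form. Strip at most one dot, `d = d.lower()` followed by `return d[:-1] if d.endswith('.') else d`. The function also needs a one-line docstring saying it lower-cases the name and drops the root dot so that values compare equal when stored.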
@@ -133,6 +140,49 @@ class realmdomains_mod(LDAPUpdate): entry_attrs['associateddomain'] = domains return dn + def execute(self, *keys, **options): + dn = self.obj.get_dn(*keys, **options) + ldap = self.obj.backend + + domains_old = set(ldap.get_entry(dn)[1]['associateddomain']) + result = super(realmdomains_mod, self).execute(*keys, **options) + domains_new = set(ldap.get_entry(dn)[1]['associateddomain']) + + domains_added = domains_new - domains_old + domains_deleted = domains_old - domains_new + + # Add a _kerberos TXT record for zones that correspond with + # domains which were added + for d in domains_added: + # Skip our own domain + if d == api.env.domain: + continue + try: + api.Command['dnsrecord_add']( + unicode(d), + u'_kerberos', + txtrecord=api.env.realm + ) + except (errors.EmptyModlist, errors.NotFound): + pass + + # Delete _kerberos TXT record from zones that correspond with + # domains which were deleted + for d in domains_deleted: + # Skip our own domain + if d == api.env.domain: + continue + try: + api.Command['dnsrecord_del']( + unicode(d), + u'_kerberos', + txtrecord=api.env.realm + ) + except (errors.AttrValueNotFound, errors.NotFound): + pass + + return result + api.register(realmdomains_mod) |
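Review bot: The before/after comparison in `execute` is done on the raw directory values, `set(ldap.get_entry(dn)[1]['associateddomain'])`, so it is case-sensitive even though new input is now lower-cased. If the entry still holds a value stored before the normalizer existed (mixed case), rewriting it yields the same domain in both `domains_added` and `domains_deleted`. Because the add loop runs first and the delete loop second, the `_kerberos` TXT record would end up removed for a domain that is still in the realm list. Normalise both sides before diffing, e.g. `domains_old = set(_domain_name_normalizer(v) for v in ldap.get_entry(dn)[1]['associateddomain'])` and the same for `domains_new`, and compare against `api.env.domain.lower()` in the two skip checks. `execute` is added whole by this hunk; its class starts outside it.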