diff options
author | Ana Krivokapic <akrivoka@redhat.com> | 2013-06-10 18:57:08 -0400 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2013-06-24 14:30:06 +0200 |
commit | 91a5d3349be3a8c6044684405a4e66f4ed1dd543 (patch) | |
tree | c8d6ee3bbe7eaa81e25ab2b576f6db20345c3090 /ipalib | |
parent | 2775dec3bec3499c69de60d5bb581ffad7615cef (diff) | |
download | freeipa-91a5d3349be3a8c6044684405a4e66f4ed1dd543.tar.gz freeipa-91a5d3349be3a8c6044684405a4e66f4ed1dd543.tar.xz freeipa-91a5d3349be3a8c6044684405a4e66f4ed1dd543.zip |
Require rid-base and secondary-rid-base in idrange-add after ipa-adtrust-install
Add a new API command 'adtrust_is_enabled', which can be used to determine
whether ipa-adtrust-install has been run on the system. This new command is not
visible in IPA CLI.
Use this command in idrange_add to conditionally require rid-base and
secondary-rid-base options.
Add tests to cover the new functionality
https://fedorahosted.org/freeipa/ticket/3634
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/idrange.py | 35 | ||||
-rw-r--r-- | ipalib/plugins/trust.py | 32 |
2 files changed, 62 insertions, 5 deletions
diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py index 54b835e24..f258cbb15 100644 --- a/ipalib/plugins/idrange.py +++ b/ipalib/plugins/idrange.py @@ -356,7 +356,7 @@ class idrange_add(LDAPCreate): may be given for a new ID range for the local domain while - --rid-bas + --rid-base --dom-sid must be given to add a new range for a trusted AD domain. @@ -381,6 +381,9 @@ class idrange_add(LDAPCreate): Also ensure that secondary-rid-base is prompted for when rid-base is specified and vice versa, in case that dom-sid was not specified. + + Also ensure that rid-base and secondary-rid-base is prompted for + if ipa-adtrust-install has been run on the system. """ # dom-sid can be specified using dom-sid or dom-name options @@ -410,6 +413,22 @@ class idrange_add(LDAPCreate): value = self.prompt_param(self.params['ipabaserid']) kw.update(dict(ipabaserid=value)) + # Prompt for rid-base and secondary-rid-base if ipa-adtrust-install + # has been run on the system + adtrust_is_enabled = api.Command['adtrust_is_enabled']()['result'] + + if adtrust_is_enabled: + rid_base = kw.get('ipabaserid', None) + secondary_rid_base = kw.get('ipasecondarybaserid', None) + + if rid_base is None: + value = self.prompt_param(self.params['ipabaserid']) + kw.update(dict(ipabaserid=value)) + + if secondary_rid_base is None: + value = self.prompt_param(self.params['ipasecondarybaserid']) + kw.update(dict(ipasecondarybaserid=value)) + def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): assert isinstance(dn, DN) @@ -495,6 +514,20 @@ class idrange_add(LDAPCreate): error=_("Primary RID range and secondary RID range" " cannot overlap")) + # rid-base and secondary-rid-base must be set if + # ipa-adtrust-install has been run on the system + adtrust_is_enabled = api.Command['adtrust_is_enabled']()['result'] + + if adtrust_is_enabled and not ( + is_set('ipabaserid') and is_set('ipasecondarybaserid')): + raise errors.ValidationError( + name='ID Range setup', + error=_( + 'You must specify both rid-base and ' + 'secondary-rid-base options, because ' + 'ipa-adtrust-install has already been run.' + ) + ) return dn def post_callback(self, ldap, dn, entry_attrs, *keys, **options): diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py index 5c9360b57..d2b58399f 100644 --- a/ipalib/plugins/trust.py +++ b/ipalib/plugins/trust.py @@ -20,12 +20,9 @@ from ipalib.plugins.baseldap import * from ipalib.plugins.dns import dns_container_exists -from ipalib import api, Str, StrEnum, Password, DefaultFrom, _, ngettext, Object -from ipalib.parameters import Enum +from ipalib import api, Str, StrEnum, Password, _, ngettext from ipalib import Command from ipalib import errors -from ipapython import ipautil -from ipalib import util try: import pysss_murmur #pylint: disable=F0401 _murmur_installed = True @@ -843,3 +840,30 @@ class trust_resolve(Command): return dict(result=result) api.register(trust_resolve) + + +class adtrust_is_enabled(Command): + NO_CLI = True + + __doc__ = _('Determine whether ipa-adtrust-install has been run on this ' + 'system') + + def execute(self, *keys, **options): + ldap = self.api.Backend.ldap2 + adtrust_dn = DN( + ('cn', 'ADTRUST'), + ('cn', api.env.host), + ('cn', 'masters'), + ('cn', 'ipa'), + ('cn', 'etc'), + api.env.basedn + ) + + try: + ldap.get_entry(adtrust_dn) + except errors.NotFound: + return dict(result=False) + + return dict(result=True) + +api.register(adtrust_is_enabled) |