diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2010-10-18 14:53:32 -0400 |
|---|---|---|
| committer | Simo Sorce <ssorce@redhat.com> | 2010-10-28 08:39:10 -0400 |
| commit | 70a57924c8e265df1e97b7f0be1adf8da802fbfd (patch) | |
| tree | 40731984730ee48d8161e0cca67c34581e55d246 /ipalib | |
| parent | 93290c8a72bcd5c4ab34eedf0ec443469b36f8c1 (diff) | |
| download | freeipa-70a57924c8e265df1e97b7f0be1adf8da802fbfd.tar.gz freeipa-70a57924c8e265df1e97b7f0be1adf8da802fbfd.tar.xz freeipa-70a57924c8e265df1e97b7f0be1adf8da802fbfd.zip | |
Allow RDN changes for users, groups, rolegroups and taskgroups.
To do a change right now you have to perform a setattr like:
ipa user-mod --setattr uid=newuser olduser
The RDN change is performed before the rest of the mods. If the RDN
change is the only change done then the EmptyModlist that update_entry()
throws is ignored.
ticket 323
Diffstat (limited to 'ipalib')
| -rw-r--r-- | ipalib/plugins/baseldap.py | 18 | ||||
| -rw-r--r-- | ipalib/plugins/group.py | 1 | ||||
| -rw-r--r-- | ipalib/plugins/rolegroup.py | 1 | ||||
| -rw-r--r-- | ipalib/plugins/taskgroup.py | 1 | ||||
| -rw-r--r-- | ipalib/plugins/user.py | 1 |
5 files changed, 22 insertions, 0 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 40f9d6a58..78ce8e023 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -77,6 +77,7 @@ class LDAPObject(Object): rdn_attribute = '' uuid_attribute = '' attribute_members = {} + rdnattr = None container_not_found_msg = _('container entry (%(container)s) not found') parent_not_found_msg = _('%(parent)s: %(oname)s not found') @@ -541,14 +542,31 @@ class LDAPUpdate(LDAPQuery, crud.Update): _check_single_value_attrs(self.params, entry_attrs) + rdnupdate = False try: + if self.obj.rdnattr and self.obj.rdnattr in entry_attrs: + # RDN change + ldap.update_entry_rdn(dn, unicode('%s=%s' % (self.obj.rdnattr, + entry_attrs[self.obj.rdnattr]))) + dn = self.obj.get_dn(entry_attrs[self.obj.rdnattr]) + del entry_attrs[self.obj.rdnattr] + options['rdnupdate'] = True + rdnupdate = True + ldap.update_entry(dn, entry_attrs, normalize=self.obj.normalize_dn) except errors.ExecutionError, e: + # Exception callbacks will need to test for options['rdnupdate'] + # to decide what to do. An EmptyModlist in this context doesn't + # mean an error occurred, just that there were no other updates to + # perform. try: self._call_exc_callbacks( keys, options, e, ldap.update_entry, dn, entry_attrs, normalize=self.obj.normalize_dn ) + except errors.EmptyModlist, e: + if not rdnupdate: + raise e except errors.NotFound: self.obj.handle_not_found(*keys) diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py index 2b8dc1af1..975915b42 100644 --- a/ipalib/plugins/group.py +++ b/ipalib/plugins/group.py @@ -90,6 +90,7 @@ class group(LDAPObject): 'member': ['user', 'group'], 'memberof': ['group', 'netgroup', 'rolegroup', 'taskgroup'], } + rdnattr = 'cn' label = _('User Groups') diff --git a/ipalib/plugins/rolegroup.py b/ipalib/plugins/rolegroup.py index 99560c46c..feffa0d49 100644 --- a/ipalib/plugins/rolegroup.py +++ b/ipalib/plugins/rolegroup.py @@ -75,6 +75,7 @@ class rolegroup(LDAPObject): 'member': ['user', 'group', 'host', 'hostgroup'], 'memberof': ['taskgroup'], } + rdnattr='cn' label = _('Role Groups') diff --git a/ipalib/plugins/taskgroup.py b/ipalib/plugins/taskgroup.py index 0ee90474d..11bef4860 100644 --- a/ipalib/plugins/taskgroup.py +++ b/ipalib/plugins/taskgroup.py @@ -47,6 +47,7 @@ class taskgroup(LDAPObject): 'member': ['user', 'group', 'rolegroup'], # FIXME: taskgroup can be member of ??? } + rdnattr='cn' label = _('Task Groups') diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index 68ca24a0c..fb0da4800 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -72,6 +72,7 @@ class user(LDAPObject): attribute_members = { 'memberof': ['group', 'netgroup', 'rolegroup', 'taskgroup'], } + rdnattr = 'uid' label = _('Users') |