Add default roles and permissions for HBAC, SUDO and pw policy

Created some default roles as examples. In doing so I realized that
we were completely missing default rules for HBAC, SUDO and password
policy so I added those as well.

I ran into a problem when the updater has a default record and an add
at the same time, it should handle it better now.

ticket 585

1 files changed, 14 insertions, 2 deletions

diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index e7411e3fb..958904950 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -213,7 +213,18 @@ class LDAPUpdate:
             return all_updates
 
         e = all_updates[dn]
-        e['updates'] = e['updates'] + update['updates']
+        if 'default' in update:
+            if 'default' in e:
+                e['default'] = e['default'] + update['default']
+            else:
+                e['default'] = update['default']
+        elif 'updates' in update:
+            if 'updates' in e:
+                e['updates'] = e['updates'] + update['updates']
+            else:
+                e['updates'] = update['updates']
+        else:
+            logging.debug("Unknown key in updates %s" % update.keys())
 
         all_updates[dn] = e
 
@@ -289,7 +300,8 @@ class LDAPUpdate:
         """Create a task to update an index for an attribute"""
 
         # Sleep a bit to ensure previous operations are complete
-        time.sleep(5)
+        if self.live_run:
+            time.sleep(5)
 
         r = random.SystemRandom()