diff options
| -rw-r--r-- | ipalib/plugins/f_group.py | 144 |
1 files changed, 85 insertions, 59 deletions
diff --git a/ipalib/plugins/f_group.py b/ipalib/plugins/f_group.py index a07d314be..c2280a4e4 100644 --- a/ipalib/plugins/f_group.py +++ b/ipalib/plugins/f_group.py @@ -25,10 +25,7 @@ from ipalib import frontend from ipalib import crud from ipalib.frontend import Param from ipalib import api -from ipa_server import servercore -from ipa_server import ipaldap from ipa_server import ipautil -import ldap class group(frontend.Object): @@ -71,7 +68,7 @@ class group_add(crud.Add): kw['dn'] = ldap.make_group_dn(cn) # Get our configuration - config = servercore.get_ipa_config() + config = ldap.get_ipa_config() # some required objectclasses kw['objectClass'] = config.get('ipagroupobjectclasses') @@ -90,87 +87,116 @@ api.register(group_add) class group_del(crud.Del): 'Delete an existing group.' - def execute(self, *args, **kw): - """args[0] = dn of the group to remove - - Delete a group - - The memberOf plugin handles removing the group from any other - groups. + def execute(self, cn, **kw): """ - group_dn = args[0] + Delete a group - group = servercore.get_entry_by_dn(group_dn, ['dn', 'cn']) - if group is None: - raise errors.NotFound -# logging.info("IPA: delete_group '%s'" % group_dn) + The memberOf plugin handles removing the group from any other + groups. + :param cn: The name of the group being removed + :param kw: Unused + """ # We have 2 special groups, don't allow them to be removed - # FIXME -# if "admins" in group.get('cn') or "editors" in group.get('cn'): +# if "admins" == cn.lower() or "editors" == cn.lower(): # raise ipaerror.gen_exception(ipaerror.CONFIG_REQUIRED_GROUPS) + ldap = self.api.Backend.ldap + dn = ldap.find_entry_dn("cn", cn, "posixGroup") +# logging.info("IPA: delete_group '%s'" % dn) + # Don't allow the default user group to be removed - config=servercore.get_ipa_config() - default_group = servercore.get_entry_by_cn(config.get('ipadefaultprimarygroup'), None) - if group_dn == default_group.get('dn'): + config=ldap.get_ipa_config() + default_group = ldap.find_entry_dn("cn", config.get('ipadefaultprimarygroup'), "posixGroup") + if dn == default_group: raise errors.DefaultGroup - return servercore.delete_entry(group_dn) - def forward(self, *args, **kw): - group = self.api.Command['group_show'](ipautil.utf8_encode_value(args[0])) - if not group: - print "nothing found" - return False - a = group.get('dn') - result = super(crud.Del, self).forward(a) + return ldap.delete(dn) + + def output_for_cli(self, ret): + """ + Output result of this command to command line interface. + """ + if ret: + print "Group deleted" + api.register(group_del) class group_mod(crud.Mod): 'Edit an existing group.' - def execute(self, *args, **kw): - group_cn=args[0] - result = servercore.get_entry_by_cn(group_cn, ["*"]) + def execute(self, cn, **kw): + """ + Execute the user-mod operation. - group = kw - dn = result.get('dn') - del result['dn'] - entry = ipaldap.Entry((dn, servercore.convert_scalar_values(result))) + The dn should not be passed as a keyword argument as it is constructed + by this method. - for g in group: - entry.setValues(g, group[g]) + Returns the entry - result = servercore.update_entry(entry.toDict()) + :param cn: The name of the group to update. + :param kw: Keyword arguments for the other LDAP attributes. + """ + assert 'cn' not in kw + assert 'dn' not in kw + ldap = self.api.Backend.ldap + dn = ldap.find_entry_dn("cn", cn, "posixGroup") + return ldap.update(dn, **kw) + + def output_for_cli(self, ret): + """ + Output result of this command to command line interface. + """ + if ret: + print "Group updated" - return result - def forward(self, *args, **kw): - result = super(crud.Mod, self).forward(*args, **kw) - if result: - print "Group %s modified" % args[0] api.register(group_mod) class group_find(crud.Find): 'Search the groups.' - def execute(self, *args, **kw): - cn=args[0] - result = servercore.get_sub_entry(servercore.basedn, "cn=%s" % cn, ["*"]) - return result - def forward(self, *args, **kw): - result = super(crud.Find, self).forward(*args, **kw) - for a in result: - print a, ": ", result[a] + def execute(self, cn, **kw): + ldap = self.api.Backend.ldap + kw['cn'] = cn + return ldap.search(**kw) + + def output_for_cli(self, groups): + if not groups: + return + + counter = groups[0] + groups = groups[1:] + if counter == 0: + print "No entries found" + return + elif counter == -1: + print "These results are truncated." + print "Please refine your search and try again." + + for g in groups: + for a in g.keys(): + print "%s: %s" % (a, g[a]) + api.register(group_find) class group_show(crud.Get): 'Examine an existing group.' - def execute(self, *args, **kw): - cn=args[0] - result = servercore.get_sub_entry(servercore.basedn, "cn=%s" % cn, ["*"]) - return result - def forward(self, *args, **kw): - result = super(crud.Get, self).forward(*args, **kw) - return result + def execute(self, cn, **kw): + """ + Execute the group-show operation. + + The dn should not be passed as a keyword argument as it is constructed + by this method. + + Returns the entry + + :param cn: The group name to retrieve. + :param kw: Not used. + """ + ldap = self.api.Backend.ldap + dn = ldap.find_entry_dn("cn", cn, "posixGroup") + # FIXME: should kw contain the list of attributes to display? + return ldap.retrieve(dn) + api.register(group_show) |