diff options
-rw-r--r-- | ipalib/plugins/baseldap.py | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 78ce8e023..91aa39650 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -426,6 +426,13 @@ class LDAPRetrieve(LDAPQuery): """ has_output = output.standard_entry + takes_options = ( + Flag('rights', + label=_('Rights'), + doc=_('Display the access rights to modify this entry (requires --all)'), + ), + ) + def execute(self, *keys, **options): ldap = self.obj.backend @@ -455,6 +462,17 @@ class LDAPRetrieve(LDAPQuery): except errors.NotFound: self.obj.handle_not_found(*keys) + if options.get('rights', False) and options.get('all', False): + rights = ldap.get_effective_rights(dn, ['*', 'nsaccountlock']) + if 'attributelevelrights' in rights[1]: + rights = rights[1]['attributelevelrights'] + rights = rights[0].split(', ') + rdict = {} + for r in rights: + (k,v) = r.split(':') + rdict[k] = v + entry_attrs['attributelevelrights'] = rdict + for callback in self.POST_CALLBACKS: if hasattr(callback, 'im_self'): dn = callback(ldap, dn, entry_attrs, *keys, **options) |