-rw-r--r-- | ipalib/plugins/baseuser.py | 23 | ||||
-rw-r--r-- | ipalib/plugins/user.py | 21 |
2 files changed, 31 insertions, 13 deletions
diff --git a/ipalib/plugins/baseuser.py b/ipalib/plugins/baseuser.py index bd66cf5a3..5eede7a98 100644 --- a/ipalib/plugins/baseuser.py +++ b/ipalib/plugins/baseuser.py @@ -187,7 +187,7 @@ class baseuser(LDAPObject): 'telephonenumber', 'title', 'memberof', 'nsaccountlock', 'memberofindirect', 'ipauserauthtype', 'userclass', 'ipatokenradiusconfiglink', 'ipatokenradiususername', - 'krbprincipalexpiration', 'usercertificate', + 'krbprincipalexpiration', 'usercertificate;binary', ] search_display_attributes = [ 'uid', 'givenname', 'sn', 'homedirectory', 'loginshell', @@ -465,10 +465,27 @@ class baseuser(LDAPObject): assert isinstance(user, DN) return self._user_status(user, DN(self.delete_container_dn, api.env.basedn)) + def convert_usercertificate_pre(self, entry_attrs): + if 'usercertificate' in entry_attrs: + entry_attrs['usercertificate;binary'] = entry_attrs.pop( + 'usercertificate') + + def convert_usercertificate_post(self, entry_attrs, **options): + if 'usercertificate;binary' in entry_attrs: + entry_attrs['usercertificate'] = entry_attrs.pop( + 'usercertificate;binary') + class baseuser_add(LDAPCreate): """ Prototype command plugin to be implemented by real plugin """ + def pre_common_callback(self, ldap, dn, entry_attrs, **options): + assert isinstance(dn, DN) + self.obj.convert_usercertificate_pre(entry_attrs) + + def post_common_callback(self, ldap, dn, entry_attrs, **options): + assert isinstance(dn, DN) + self.obj.convert_usercertificate_post(entry_attrs, **options) class baseuser_del(LDAPDelete): """ @@ -542,6 +559,7 @@ class baseuser_mod(LDAPUpdate): self.check_userpassword(entry_attrs, **options) self.check_objectclass(ldap, dn, entry_attrs) + self.obj.convert_usercertificate_pre(entry_attrs) def post_common_callback(self, ldap, dn, entry_attrs, **options): assert isinstance(dn, DN) 
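Review bot: The helpers added in the `@@ -465` hunk, `convert_usercertificate_pre` and `convert_usercertificate_post`, have no docstrings, so nothing records why the attribute is renamed on the way to and from LDAP. A one-line docstring on the first, such as `"""Rename 'usercertificate' to 'usercertificate;binary' so the value is sent with the LDAP binary transfer option."""`, and its mirror on the second would cover it. Both helpers `pop` into the destination key unconditionally, so an entry carrying both spellings would have one value silently replaced; if that can happen, it deserves a comment or an explicit check. `convert_usercertificate_post` also accepts `**options` but never reads it in the visible lines. The `baseuser` class starts outside this hunk, so how other callers use these helpers cannot be checked from here.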
@@ -554,6 +572,7 @@ class baseuser_mod(LDAPUpdate): convert_nsaccountlock(entry_attrs) self.obj.convert_manager(entry_attrs, **options) self.obj.get_password_attributes(ldap, dn, entry_attrs) + self.obj.convert_usercertificate_post(entry_attrs, **options) convert_sshpubkey_post(ldap, dn, entry_attrs) radius_dn2pk(self.api, entry_attrs) @@ -584,6 +603,7 @@ class baseuser_find(LDAPSearch): for attrs in entries: self.obj.convert_manager(attrs, **options) self.obj.get_password_attributes(ldap, attrs.dn, attrs) + self.obj.convert_usercertificate_post(attrs, **options) if (lockout): attrs['nsaccountlock'] = True else: @@ -598,5 +618,6 @@ class baseuser_show(LDAPRetrieve): assert isinstance(dn, DN) self.obj.convert_manager(entry_attrs, **options) self.obj.get_password_attributes(ldap, dn, entry_attrs) + self.obj.convert_usercertificate_post(entry_attrs, **options) convert_sshpubkey_post(ldap, dn, entry_attrs) radius_dn2pk(self.api, entry_attrs) diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index 0209b29b1..859939205 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -510,6 +510,8 @@ class user_add(baseuser_add): answer = self.api.Object['radiusproxy'].get_dn_if_exists(rcl) entry_attrs['ipatokenradiusconfiglink'] = answer + self.pre_common_callback(ldap, dn, entry_attrs, **options) + return dn def post_callback(self, ldap, dn, entry_attrs, *keys, **options): @@ -557,6 +559,9 @@ class user_add(baseuser_add): convert_sshpubkey_post(ldap, dn, entry_attrs) radius_dn2pk(self.api, entry_attrs) self.obj.get_preserved_attribute(entry_attrs, options) + + self.post_common_callback(ldap, dn, entry_attrs, **options) + return dn 
@@ -1034,18 +1039,14 @@ class user_add_cert(LDAPAddAttribute): **options): assert isinstance(dn, DN) - new_attr_name = '%s;binary' % self.attribute - if self.attribute in entry_attrs: - entry_attrs[new_attr_name] = entry_attrs.pop(self.attribute) + self.obj.convert_usercertificate_pre(entry_attrs) return dn def post_callback(self, ldap, dn, entry_attrs, *keys, **options): assert isinstance(dn, DN) - old_attr_name = '%s;binary' % self.attribute - if old_attr_name in entry_attrs: - entry_attrs[self.attribute] = entry_attrs.pop(old_attr_name) + self.obj.convert_usercertificate_post(entry_attrs, **options) return dn @@ -1060,17 +1061,13 @@ class user_remove_cert(LDAPRemoveAttribute): **options): assert isinstance(dn, DN) - new_attr_name = '%s;binary' % self.attribute - if self.attribute in entry_attrs: - entry_attrs[new_attr_name] = entry_attrs.pop(self.attribute) + self.obj.convert_usercertificate_pre(entry_attrs) return dn def post_callback(self, ldap, dn, entry_attrs, *keys, **options): assert isinstance(dn, DN) - old_attr_name = '%s;binary' % self.attribute - if old_attr_name in entry_attrs: - entry_attrs[self.attribute] = entry_attrs.pop(old_attr_name) + self.obj.convert_usercertificate_post(entry_attrs, **options) return dn |
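Review bot: In the `user_add_cert` and `user_remove_cert` hunks (`@@ -1034` and `@@ -1060`) the callbacks no longer consult `self.attribute`, because the rename is now fixed to `usercertificate` inside the shared helper. If either command's `attribute` were ever something else, the `;binary` conversion would silently stop applying and the value would presumably go out under the plain attribute name. A short comment above each call, e.g. `# helper is hard-wired to 'usercertificate'; must match self.attribute`, would record that coupling. Both classes begin outside these hunks, so the current value of `attribute` is not visible here.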