diff options
-rw-r--r-- | ipalib/plugins/baseldap.py | 3 | ||||
-rw-r--r-- | ipalib/plugins/sudocmd.py | 5 | ||||
-rw-r--r-- | ipaserver/plugins/ldap2.py | 8 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_sudocmdgroup_plugin.py | 21 |
4 files changed, 34 insertions, 3 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 3cb72d7b0..0581ea3ad 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -65,6 +65,9 @@ global_output_params = ( Str('memberof_role?', label=_('Roles'), ), + Str('memberof_sudocmdgroup?', + label=_('Sudo Command Groups'), + ), Str('member_privilege?', label='Granted to Privilege', ), diff --git a/ipalib/plugins/sudocmd.py b/ipalib/plugins/sudocmd.py index 50da72254..528d79079 100644 --- a/ipalib/plugins/sudocmd.py +++ b/ipalib/plugins/sudocmd.py @@ -55,8 +55,11 @@ class sudocmd(LDAPObject): 'sudocmd', 'description', ] default_attributes = [ - 'sudocmd', 'description', + 'sudocmd', 'description', 'memberof', ] + attribute_members = { + 'memberof': ['sudocmdgroup'], + } uuid_attribute = 'ipauniqueid' label = _('SUDO Commands') diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index d1e31f5e6..568792d1b 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -1002,6 +1002,14 @@ class ldap2(CrudBackend, Encoder): except errors.NotFound: pbacresults = [] results = results + pbacresults + try: + (sudoresults, truncated) = self.find_entries(searchfilter, + attr_list, 'cn=sudo,%s' % api.env.basedn, + time_limit=time_limit, size_limit=size_limit, + normalize=normalize) + except errors.NotFound: + sudoresults = [] + results = results + sudoresults direct = [] indirect = [] diff --git a/tests/test_xmlrpc/test_sudocmdgroup_plugin.py b/tests/test_xmlrpc/test_sudocmdgroup_plugin.py index 3bd2b3e1e..ad84ab631 100644 --- a/tests/test_xmlrpc/test_sudocmdgroup_plugin.py +++ b/tests/test_xmlrpc/test_sudocmdgroup_plugin.py @@ -42,7 +42,7 @@ class test_sudocmdgroup(Declarative): dict( desc='Create %r' % sudocmd1, command=( - 'sudocmd_add', [], dict(sudocmd=sudocmd1,) + 'sudocmd_add', [], dict(sudocmd=sudocmd1, description=u'Test sudo command 1') ), expected=dict( value=sudocmd1, @@ -51,6 +51,7 @@ class test_sudocmdgroup(Declarative): objectclass=objectclasses.sudocmd, sudocmd=[u'/usr/bin/sudotestcmd1'], ipauniqueid=[fuzzy_uuid], + description=[u'Test sudo command 1'], dn=u'sudocmd=%s,cn=sudocmds,cn=sudo,%s' % (sudocmd1, api.env.basedn), ), @@ -66,6 +67,7 @@ class test_sudocmdgroup(Declarative): summary=None, result=dict( sudocmd=[sudocmd1], + description=[u'Test sudo command 1'], dn=u'sudocmd=%s,cn=sudocmds,cn=sudo,%s' % (sudocmd1, api.env.basedn), ), @@ -373,7 +375,22 @@ class test_sudocmdgroup(Declarative): ), dict( - # FIXME: Shouldn't this raise a NotFound instead? + desc='Retrieve %r to show membership' % sudocmd1, + command=('sudocmd_show', [sudocmd1], {}), + expected=dict( + value=sudocmd1, + summary=None, + result=dict( + dn=u'sudocmd=%s,cn=sudocmds,cn=sudo,%s' % (sudocmd1, + api.env.basedn), + sudocmd=[sudocmd1], + description=[u'Test sudo command 1'], + memberof_sudocmdgroup = [u'testsudocmdgroup1'], + ), + ), + ), + + dict( desc='Try to add non-existent member to %r' % sudocmdgroup1, command=( 'sudocmdgroup_add_member', [sudocmdgroup1], |