diff options
-rw-r--r-- | ipalib/plugins/baseldap.py | 57 | ||||
-rw-r--r-- | ipalib/plugins/group.py | 2 | ||||
-rw-r--r-- | ipalib/plugins/host.py | 7 | ||||
-rw-r--r-- | ipalib/plugins/hostgroup.py | 2 | ||||
-rw-r--r-- | ipalib/plugins/netgroup.py | 11 | ||||
-rw-r--r-- | ipalib/plugins/user.py | 2 |
6 files changed, 68 insertions, 13 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 259d02b01..688f35bad 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -247,6 +247,15 @@ class LDAPObject(Object): rdnattr = None # Can bind as this entry (has userPassword or krbPrincipalKey) bindable = False + relationships = { + # attribute: (label, inclusive param prefix, exclusive param prefix) + 'member': ('Member', '', 'no_'), + 'memberof': ('Parent', 'in_', 'not_in_'), + 'memberindirect': ( + 'Indirect Member', None, 'no_indirect_' + ), + } + label = _('Entry') container_not_found_msg = _('container entry (%(container)s) not found') parent_not_found_msg = _('%(parent)s: %(oname)s not found') @@ -343,7 +352,7 @@ class LDAPObject(Object): 'parent_object', 'container_dn', 'object_name', 'object_name_plural', 'object_class', 'object_class_config', 'default_attributes', 'label', 'hidden_attributes', 'uuid_attribute', 'attribute_members', 'name', - 'takes_params', 'rdn_attribute', 'bindable', + 'takes_params', 'rdn_attribute', 'bindable', 'relationships', ) def __json__(self): @@ -1193,7 +1202,8 @@ class LDAPSearch(CallbackInterface, crud.Search): Retrieve all LDAP entries matching the given criteria. """ member_attributes = [] - member_param_doc = 'exclude %s with member %s (comma-separated list)' + member_param_incl_doc = 'only %s with %s %s' + member_param_excl_doc = 'only %s with no %s %s' takes_options = ( Int('timelimit?', @@ -1225,21 +1235,50 @@ class LDAPSearch(CallbackInterface, crud.Search): for attr in self.member_attributes: for ldap_obj_name in self.obj.attribute_members[attr]: ldap_obj = self.api.Object[ldap_obj_name] - name = to_cli(ldap_obj_name) - doc = self.member_param_doc % ( - self.obj.object_name_plural, ldap_obj.object_name_plural + relationship = self.obj.relationships.get( + attr, ['member', '', 'no_'] + ) + doc = self.member_param_incl_doc % ( + self.obj.object_name_plural, relationship[0].lower(), + ldap_obj.object_name_plural + ) + name = '%s%s' % (relationship[1], to_cli(ldap_obj_name)) + yield List( + '%s?' % name, cli_name='%ss' % name, doc=doc, + label=ldap_obj.object_name + ) + doc = self.member_param_excl_doc % ( + self.obj.object_name_plural, relationship[0].lower(), + ldap_obj.object_name_plural + ) + name = '%s%s' % (relationship[2], to_cli(ldap_obj_name)) + yield List( + '%s?' % name, cli_name='%ss' % name, doc=doc, + label=ldap_obj.object_name ) - yield List('no_%s?' % name, cli_name='no_%ss' % name, doc=doc, - label=ldap_obj.object_name) def get_member_filter(self, ldap, **options): filter = '' for attr in self.member_attributes: for ldap_obj_name in self.obj.attribute_members[attr]: - param_name = 'no_%s' % to_cli(ldap_obj_name) + ldap_obj = self.api.Object[ldap_obj_name] + relationship = self.obj.relationships.get( + attr, ['member', '', 'no_'] + ) + param_name = '%s%s' % (relationship[1], to_cli(ldap_obj_name)) + if param_name in options: + dns = [] + for pkey in options[param_name]: + dns.append(ldap_obj.get_dn(pkey)) + flt = ldap.make_filter_from_attr( + attr, dns, ldap.MATCH_ALL + ) + filter = ldap.combine_filters( + (filter, flt), ldap.MATCH_ALL + ) + param_name = '%s%s' % (relationship[2], to_cli(ldap_obj_name)) if param_name in options: dns = [] - ldap_obj = self.api.Object[ldap_obj_name] for pkey in options[param_name]: dns.append(ldap_obj.get_dn(pkey)) flt = ldap.make_filter_from_attr( diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py index 9fd24008c..ecf5453e4 100644 --- a/ipalib/plugins/group.py +++ b/ipalib/plugins/group.py @@ -213,7 +213,7 @@ class group_find(LDAPSearch): """ Search for groups. """ - member_attributes = ['member'] + member_attributes = ['member', 'memberof'] msg_summary = ngettext( '%(count)d group matched', '%(count)d groups matched', 0 diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py index 283c2c165..e24da1bf3 100644 --- a/ipalib/plugins/host.py +++ b/ipalib/plugins/host.py @@ -170,6 +170,11 @@ class host(LDAPObject): 'managedby': ['host'], } bindable = True + relationships = { + 'memberof': ('Parent', 'in_', 'not_in_'), + 'enrolledby': ('Enrolled by', 'enroll_by_', 'not_enroll_by_'), + 'managedby': ('Managed by', 'man_by_', 'not_man_by_'), + } label = _('Hosts') @@ -568,7 +573,7 @@ class host_find(LDAPSearch): msg_summary = ngettext( '%(count)d host matched', '%(count)d hosts matched' ) - member_attributes = ['managedby'] + member_attributes = ['memberof', 'enrolledby', 'managedby'] def pre_callback(self, ldap, filter, attrs_list, base_dn, scope, *args, **options): if 'locality' in attrs_list: diff --git a/ipalib/plugins/hostgroup.py b/ipalib/plugins/hostgroup.py index db270aea0..082e4ef00 100644 --- a/ipalib/plugins/hostgroup.py +++ b/ipalib/plugins/hostgroup.py @@ -123,7 +123,7 @@ class hostgroup_find(LDAPSearch): """ Search for hostgroups. """ - member_attributes = ['member'] + member_attributes = ['member', 'memberof'] msg_summary = ngettext( '%(count)d hostgroup matched', '%(count)d hostgroups matched' ) diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py index 83e699908..ce9a51b6c 100644 --- a/ipalib/plugins/netgroup.py +++ b/ipalib/plugins/netgroup.py @@ -85,6 +85,15 @@ class netgroup(LDAPObject): 'memberuser': ['user', 'group'], 'memberhost': ['host', 'hostgroup'], } + relationships = { + 'member': ('Member', '', 'no_'), + 'memberof': ('Parent', 'in_', 'not_in_'), + 'memberindirect': ( + 'Indirect Member', None, 'no_indirect_' + ), + 'memberuser': ('Member', '', 'no_'), + 'memberhost': ('Member', '', 'no_'), + } label = _('Net Groups') @@ -171,7 +180,7 @@ class netgroup_find(LDAPSearch): """ Search for a netgroup. """ - member_attributes = ['member', 'memberuser', 'memberhost'] + member_attributes = ['member', 'memberuser', 'memberhost', 'memberof'] has_output_params = LDAPSearch.has_output_params + output_params msg_summary = ngettext( '%(count)d netgroup matched', '%(count)d netgroups matched' diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index 3d9b7e6d4..0afb8b5d2 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -316,6 +316,7 @@ class user_find(LDAPSearch): """ Search for users. """ + member_attributes = ['memberof'] takes_options = LDAPSearch.takes_options + ( Flag('whoami', @@ -323,6 +324,7 @@ class user_find(LDAPSearch): doc=_('Display user record for current Kerberos principal'), ), ) + def pre_callback(self, ldap, filter, attrs_list, base_dn, scope, *keys, **options): if options.get('whoami'): return ("(&(objectclass=posixaccount)(krbprincipalname=%s))"%\ |