4 files changed, 32 insertions, 5 deletions

diff --git a/ipa-admintools/ipa-addradiusprofile b/ipa-admintools/ipa-addradiusprofile
index 519bf4952..66db52267 100644
--- a/ipa-admintools/ipa-addradiusprofile
+++ b/ipa-admintools/ipa-addradiusprofile
@@ -59,6 +59,8 @@ def main():
 
     opt_parser.add_option("-u", "--uid", dest="uid",
                       help="RADIUS profile identifier")
+    opt_parser.add_option("-s", "--shared", dest="shared", default=False, action='store_true',
+                      help="profile is shared")
     opt_parser.add_option("-d", "--Description", dest="desc", 
                       help="description of the RADIUS client")
 
@@ -82,8 +84,14 @@ def main():
         opt_parser.error('missing %s' % (distinguished_attr))
 
     uid = args[1]
+    user_profile = not options.shared
     pairs[distinguished_attr] = uid
 
+    # Per user profiles are pre-created (i.e. objectclass radiusprofile is always added for each user)
+    if user_profile:
+        print "ERROR, you cannot add a per-user radius profile, it pre-exists"
+        return 1
+
     # Get pairs from a file or stdin
     if options.pair_file:
         try:
diff --git a/ipa-admintools/ipa-delradiusprofile b/ipa-admintools/ipa-delradiusprofile
index 16baea4ab..f77d01747 100644
--- a/ipa-admintools/ipa-delradiusprofile
+++ b/ipa-admintools/ipa-delradiusprofile
@@ -42,6 +42,8 @@ def help_option_callback(option, opt_str, value, parser, *args, **kwargs):
 def main():
     opt_parser = OptionParser(add_help_option=False)
 
+    opt_parser.add_option("-s", "--shared", dest="shared", default=False, action='store_true',
+                      help="profile is shared")
     opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
                         help="detailed help information")
     opt_parser.set_usage("Usage: %s [options] UID" % (os.path.basename(sys.argv[0])))
@@ -53,10 +55,16 @@ def main():
         opt_parser.error("missing UID")
 
     uid = args[1]
+    user_profile = not options.shared
+
+    # Per user profiles are pre-created (i.e. objectclass radiusprofile is always added for each user)
+    if user_profile:
+        print "ERROR, you cannot delete a per-user radius profile, it always exists"
+        return 1
 
     try:
         ipa_client = ipaclient.IPAClient()
-        ipa_client.delete_radius_profile(uid)
+        ipa_client.delete_radius_profile(uid, user_profile)
         print "successfully deleted"
     except xmlrpclib.Fault, f:
         print f.faultString
diff --git a/ipa-admintools/ipa-findradiusprofile b/ipa-admintools/ipa-findradiusprofile
index 6fd5b466d..ba714068a 100644
--- a/ipa-admintools/ipa-findradiusprofile
+++ b/ipa-admintools/ipa-findradiusprofile
@@ -53,6 +53,8 @@ def help_option_callback(option, opt_str, value, parser, *args, **kwargs):
 
 def main():
     opt_parser = OptionParser(add_help_option=False)
+    opt_parser.add_option("-s", "--shared", dest="shared", default=False, action='store_true',
+                      help="profile is shared")
     opt_parser.add_option("-h", "--help", action="callback", callback=help_option_callback,
                         help="detailed help information")
 
@@ -65,10 +67,11 @@ def main():
         opt_parser.error("missing UID(es)")
 
     uids = args[1:]
+    user_profile = not options.shared
 
     try:
         ipa_client = ipaclient.IPAClient()
-        radius_profiles = ipa_client.find_radius_profiles(uids, sattrs=attrs)
+        radius_profiles = ipa_client.find_radius_profiles(uids, user_profile, sattrs=attrs)
         counter = radius_profiles[0]
         radius_profiles = radius_profiles[1:]
 
diff --git a/ipa-python/ipautil.py b/ipa-python/ipautil.py
index 5f7d396aa..7006e1951 100644
--- a/ipa-python/ipautil.py
+++ b/ipa-python/ipautil.py
@@ -528,6 +528,7 @@ class AttributeValueCompleter:
         self.lhs_delims = lhs_delims
         self.operator = operator
         self.strip_rhs = strip_rhs
+        self.pairs = None
         self._reset()
 
     def _reset(self):
@@ -589,6 +590,13 @@ class AttributeValueCompleter:
         and it should return the default value for the attriubte or None'''
 
         if not self.lhs_complete: raise ValueError("attribute not parsed")
+
+        # If the user previously provided a value let that override the supplied default
+        if self.pairs is not None:
+            prev_value = self.pairs.get(self.lhs)
+            if prev_value is not None: return prev_value
+
+        # No previous user provided value, query for a default
         default_value_type = type(self.default_value)
         if default_value_type is DictType:
             return self.default_value.get(self.lhs, None)
@@ -663,7 +671,7 @@ class AttributeValueCompleter:
             return None, None
 
     def get_pairs(self, prompt, mandatory_attrs=None, validate_callback=None, must_match=True, value_required=True):
-        pairs = {}
+        self.pairs = {}
         if mandatory_attrs:
             mandatory_attrs_remaining = mandatory_attrs[:]
         else:
@@ -702,8 +710,8 @@ class AttributeValueCompleter:
             except ValueError:
                 pass
 
-            pairs[attribute] = value
-        return pairs
+            self.pairs[attribute] = value
+        return self.pairs
 
 class ItemCompleter:
     '''