6 files changed, 26 insertions, 3 deletions

diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index 7946526b2..4f10f070b 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -218,7 +218,6 @@ ipaUserObjectClasses: inetuser
 ipaUserObjectClasses: posixaccount
 ipaUserObjectClasses: krbprincipalaux
 ipaUserObjectClasses: krbticketpolicyaux
-ipaUserObjectClasses: radiusprofile
 ipaUserObjectClasses: ipaobject
 ipaDefaultEmailDomain: $DOMAIN
 ipaMigrationEnabled: FALSE
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index f6b992fdd..00ca89f4d 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -197,6 +197,8 @@ class LDAPObject(Object):
     uuid_attribute = ''
     attribute_members = {}
     rdnattr = None
+    # Can bind as this entry (has userPassword or krbPrincipalKey)
+    bindable = False
 
     container_not_found_msg = _('container entry (%(container)s) not found')
     parent_not_found_msg = _('%(parent)s: %(oname)s not found')
@@ -293,14 +295,33 @@ class LDAPObject(Object):
         'parent_object', 'container_dn', 'object_name', 'object_name_plural',
         'object_class', 'object_class_config', 'default_attributes', 'label',
         'hidden_attributes', 'uuid_attribute', 'attribute_members', 'name',
-        'takes_params', 'rdn_attribute',
+        'takes_params', 'rdn_attribute', 'bindable',
     )
+
     def __json__(self):
+        ldap = self.backend
         json_dict = dict(
             (a, getattr(self, a)) for a in self.json_friendly_attributes
         )
         if self.primary_key:
             json_dict['primary_key'] = self.primary_key.name
+        objectclasses = self.object_class
+        if self.object_class_config:
+            config = ldap.get_ipa_config()[1]
+            objectclasses = config.get(
+                self.object_class_config, objectclasses
+            )
+        # Get list of available attributes for this object for use
+        # in the ACI UI.
+        attrs = self.api.Backend.ldap2.schema.attribute_types(objectclasses)
+        attrlist = []
+        # Go through the MUST first
+        for (oid, attr) in attrs[0].iteritems():
+            attrlist.append(attr.names[0])
+        # And now the MAY
+        for (oid, attr) in attrs[1].iteritems():
+            attrlist.append(attr.names[0])
+        json_dict['aciattrs'] = attrlist
         json_dict['methods'] = [m for m in self.methods]
         return json_dict
 
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index a9589c6ec..437b7d52f 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -165,6 +165,7 @@ class host(LDAPObject):
         'memberof': ['hostgroup', 'netgroup', 'role'],
         'managedby': ['host'],
     }
+    bindable = True
 
     label = _('Hosts')
 
diff --git a/ipalib/plugins/internal.py b/ipalib/plugins/internal.py
index 2e5d879b0..1f2cf9fe9 100644
--- a/ipalib/plugins/internal.py
+++ b/ipalib/plugins/internal.py
@@ -56,7 +56,7 @@ class json_metadata(Command):
                     ((objname, json_serialize(self.api.Object[objname])), )
                 )
             )
-            retval= dict([("metadata",meta), ("messages",dict())])
+            retval= dict([("metadata",meta)])
 
         else:
             meta=dict(
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index fbb1ff2ca..1e555998d 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -237,6 +237,7 @@ class service(LDAPObject):
     attribute_members = {
         'managedby': ['host'],
     }
+    bindable = True
 
     label = _('Services')
 
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 9c89c4da7..c3246f5cd 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -73,6 +73,7 @@ class user(LDAPObject):
         'memberof': ['group', 'netgroup', 'role'],
     }
     rdnattr = 'uid'
+    bindable = True
 
     label = _('Users')