diff options
| -rw-r--r-- | ipa_server/ipaldap.py | 42 | ||||
| -rwxr-xr-x | ipalib/aci.py | 23 |
2 files changed, 41 insertions, 24 deletions
diff --git a/ipa_server/ipaldap.py b/ipa_server/ipaldap.py index 6a7e66442..7cfd6c41f 100644 --- a/ipa_server/ipaldap.py +++ b/ipa_server/ipaldap.py @@ -38,12 +38,14 @@ from ipalib import errors sasl_auth = ldap.sasl.sasl({},'GSSAPI') class Entry: - """This class represents an LDAP Entry object. An LDAP entry consists of - a DN and a list of attributes. Each attribute consists of a name and - a list of values. In python-ldap, entries are returned as a list of - 2-tuples. Instance variables: - dn - string - the string DN of the entry - data - CIDict - case insensitive dict of the attributes and values + """ + This class represents an LDAP Entry object. An LDAP entry consists of + a DN and a list of attributes. Each attribute consists of a name and + a list of values. In python-ldap, entries are returned as a list of + 2-tuples. Instance variables: + + * dn - string - the string DN of the entry + * data - CIDict - case insensitive dict of the attributes and values """ def __init__(self,entrydata): """data is the raw data returned from the python-ldap result method, which is @@ -87,15 +89,21 @@ class Entry: """Get the first value for the attribute named name""" return self.data.get(name,[None])[0] - def setValue(self,name,*value): - """Value passed in may be a single value, several values, or a single sequence. - For example: - ent.setValue('name', 'value') - ent.setValue('name', 'value1', 'value2', ..., 'valueN') - ent.setValue('name', ['value1', 'value2', ..., 'valueN']) - ent.setValue('name', ('value1', 'value2', ..., 'valueN')) - Since *value is a tuple, we may have to extract a list or tuple from that - tuple as in the last two examples above""" + def setValue(self, name, *value): + """ + Set a value on this entry. + + The value passed in may be a single value, several values, or a + single sequence. For example: + + * ent.setValue('name', 'value') + * ent.setValue('name', 'value1', 'value2', ..., 'valueN') + * ent.setValue('name', ['value1', 'value2', ..., 'valueN']) + * ent.setValue('name', ('value1', 'value2', ..., 'valueN')) + + Since value is a tuple, we may have to extract a list or tuple from + that tuple as in the last two examples above. + """ if isinstance(value[0],list) or isinstance(value[0],tuple): self.data[name] = value[0] else: @@ -285,7 +293,7 @@ class IPAdmin(SimpleLDAPObject): if not obj: raise errors.NotFound, notfound(args) - + elif isinstance(obj,Entry): return obj else: # assume list/tuple @@ -484,7 +492,7 @@ class IPAdmin(SimpleLDAPObject): def modifyPassword(self,dn,oldpass,newpass): """Set the user password using RFC 3062, LDAP Password Modify Extended - Operation. This ends up calling the IPA password slapi plugin + Operation. This ends up calling the IPA password slapi plugin handler so the Kerberos password gets set properly. oldpass is not mandatory diff --git a/ipalib/aci.py b/ipalib/aci.py index 17956812f..9dde767c0 100755 --- a/ipalib/aci.py +++ b/ipalib/aci.py @@ -43,7 +43,7 @@ class ACI: __actions = ["allow", "deny"] - __permissions = ["read", "write", "add", "delete", "search", "compare", + __permissions = ["read", "write", "add", "delete", "search", "compare", "selfwrite", "proxy", "all"] def __init__(self,acistr=None): @@ -71,9 +71,14 @@ class ACI: return self.export_to_string() def __getattr__(self, name): - """Backwards compatibility for the old ACI class. - The following extra attributes are available: - source_group, dest_group and attrs. + """ + Backward compatibility for the old ACI class. + + The following extra attributes are available: + + - source_group + - dest_group + - attrs """ if name == 'source_group': group = '' @@ -96,9 +101,13 @@ class ACI: raise AttributeError, "object has no attribute '%s'" % name def __setattr__(self, name, value): - """Backwards compatibility for the old ACI class. - The following extra attributes are available: - source_group, dest_group and attrs. + """ + Backward compatibility for the old ACI class. + + The following extra attributes are available: + - source_group + - dest_group + - attrs """ if name == 'source_group': self.__dict__['bindrule'] = 'groupdn="ldap:///%s"' % value |