summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins/basegroup.py
diff options
context:
space:
mode:
Diffstat (limited to 'ipalib/plugins/basegroup.py')
-rw-r--r--ipalib/plugins/basegroup.py551
1 files changed, 0 insertions, 551 deletions
diff --git a/ipalib/plugins/basegroup.py b/ipalib/plugins/basegroup.py
deleted file mode 100644
index 9cfd3506d..000000000
--- a/ipalib/plugins/basegroup.py
+++ /dev/null
@@ -1,551 +0,0 @@
-# Authors:
-# Rob Crittenden <rcritten@redhat.com>
-# Pavel Zuna <pzuna@redhat.com>
-#
-# Copyright (C) 2009 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; version 2 only
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-"""
-Base plugin for groups.
-"""
-
-from ipalib import api, crud, errors
-from ipalib import Command, Object
-from ipalib import Flag, Int, List, Str
-from ipalib import uuid
-
-_default_attributes = ['cn', 'description', 'member', 'memberof']
-_default_class = 'groupofnames'
-
-
-def find_members(ldap, failed, members, attr, object_class, parent_dn=''):
- """
- Search for a list of members to operate on.
-
- Returns a tuple of 2 lists: a list of DNs found, a list of errors
-
- :param ldap: The ldap connection
- :param failed: The current list of failed entries
- :param members: list of members to find DNs for
- :param attr: The primary key attribute (cn, uid, etc)
- :param object_class: type of entry we're looking for
- :param parent_dn: base DN for the search
- """
- found = {}
- for m in members:
- if not m:
- continue
- try:
- (member_dn, entry_attrs) = ldap.find_entry_by_attr(
- attr, m, object_class, [''], parent_dn
- )
- found[m] = member_dn
- except errors.NotFound, e:
- failed[m] = 'ERROR: %s' % e.message
-
- return (found, failed)
-
-def add_members(ldap, completed, members, add_failed, group_dn, member_attr):
- """
- Add members to a group.
-
- Returns a tuple of the # completed and those that weren't added
-
- :param ldap: The ldap connection
- :param completed: number of entries successfully added
- :param members: list of member DNs to add
- :param add_failed: members who failed to be added
- :param dn: DN of group to add members to
- :param membet_attr: The attribute where members are stored
- """
- for (m, member_dn) in members.iteritems():
- if not member_dn:
- continue
- try:
- ldap.add_entry_to_group(member_dn, group_dn, member_attr)
- completed += 1
- except Exception, e:
- add_failed[m] = 'ERROR: %s' % e.message
-
- return (completed, add_failed)
-
-def del_members(ldap, completed, members, rem_failed, group_dn, member_attr):
- """
- Remove members from group.
-
- Returns a tuple of the # completed and those that weren't removed
-
- :param ldap: The ldap connection
- :param completed: number of entries successfully removed
- :param members: list of member DNs to remove
- :param remove_failed: members who failed to be removed
- :param dn: DN of group to remove members from
- :param membet_attr: The attribute where members are stored
- """
- for (m, member_dn) in members.iteritems():
- if not member_dn:
- continue
- try:
- ldap.remove_entry_from_group(member_dn, group_dn, member_attr)
- completed += 1
- except Exception, e:
- rem_failed[m] = 'ERROR: %s' % e.message
-
- return (completed, rem_failed)
-
-
-class basegroup(Object):
- """
- Basic Group object.
- """
- container = None
-
- takes_params = (
- Str('cn',
- cli_name='name',
- doc='group name',
- primary_key=True,
- normalizer=lambda value: value.lower(),
- ),
- Str('description',
- cli_name='desc',
- doc='A description of this group',
- ),
- )
-
- def get_dn(self, ldap, cn):
- """
- Construct group dn from cn.
- """
- assert self.container
- return ldap.make_dn_from_attr('cn', cn, self.container)
-
-
-class basegroup_add(crud.Create):
- """
- Create new group.
- """
- base_classes = ('top', 'ipaobject', _default_class)
-
- def execute(self, cn, **kw):
- """
- Execute a group add operation.
-
- The dn should not be passed as a keyword argument as it is constructed
- by this method.
-
- Returns the entry as it will be created in LDAP.
-
- :param cn: The name of the group being added.
- :param kw: Keyword arguments for the other LDAP attributes.
- """
- assert 'cn' not in kw
- assert 'dn' not in kw
- ldap = self.api.Backend.ldap2
- entry_attrs = self.args_options_2_entry(cn, **kw)
- dn = self.obj.get_dn(ldap, cn)
-
- if kw.get('objectclass'):
- entry_attrs['objectclass'] = kw['objectclass']
- else:
- entry_attrs['objectclass'] = self.base_classes
-
- entry_attrs['ipauniqueid'] = str(uuid.uuid1())
-
- ldap.add_entry(dn, entry_attrs)
-
- return ldap.get_entry(dn, entry_attrs.keys())
-
- def output_for_cli(self, textui, result, cn, **options):
- """
- Output result of this command to command line interface.
- """
- (dn, entry_attrs) = result
-
- textui.print_name(self.name)
- textui.print_attribute('dn', dn)
- textui.print_entry(entry_attrs)
- textui.print_dashed('Created group "%s".' % cn)
-
-
-class basegroup_del(crud.Delete):
- """
- Delete group.
- """
- filter_class = _default_class
- container = None
-
- def execute(self, cn):
- """
- Delete a group
-
- The memberOf plugin handles removing the group from any other
- groups.
-
- :param cn: The name of the group being removed
- :param kw: Unused
- """
- assert self.container
- ldap = self.api.Backend.ldap2
-
- (dn, entry_attrs) = ldap.find_entry_by_attr(
- 'cn', cn, self.filter_class, [''], self.container
- )
-
- ldap.delete_entry(dn)
-
- return True
-
- def output_for_cli(self, textui, result, cn):
- """
- Output result of this command to command line interface.
- """
- textui.print_name(self.name)
- textui.print_dashed('Deleted group "%s"' % cn)
-
-
-class basegroup_mod(crud.Update):
- """
- Modify group.
- """
- filter_class = _default_class
- container = None
-
- def execute(self, cn, **kw):
- """
- Execute the group-mod operation.
-
- The dn should not be passed as a keyword argument as it is constructed
- by this method.
-
- Returns the entry
-
- :param cn: The name of the group to update.
- :param kw: Keyword arguments for the other LDAP attributes.
- """
- assert 'cn' not in kw
- assert 'dn' not in kw
- assert self.container
- assert self.filter_class
- ldap = self.api.Backend.ldap2
-
- (dn, entry_attrs) = ldap.find_entry_by_attr(
- 'cn', cn, self.filter_class, [''], self.container
- )
-
- entry_attrs = self.args_options_2_entry(cn, **kw)
- if 'objectclass' in kw:
- entry_attrs['objectclass'] = kw['objectclass']
-
- ldap.update_entry(dn, entry_attrs)
-
- return ldap.get_entry(dn, entry_attrs.keys())
-
- def output_for_cli(self, textui, result, cn, **options):
- """
- Output result of this command to command line interface.
- """
- (dn, entry_attrs) = result
-
- textui.print_name(self.name)
- textui.print_attribute('dn', dn)
- textui.print_entry(entry_attrs)
- textui.print_dashed('Modified group "%s"' % cn)
-
-
-class basegroup_find(crud.Search):
- """
- Search for groups.
- """
- filter_class = _default_class
- searchfields = []
- container = None
-
- takes_options = (
- Flag('all',
- cli_name='all',
- doc='Retrieve all attributes'
- ),
- )
-
- def execute(self, term, **kw):
- ldap = self.api.Backend.ldap2
-
- search_kw = self.args_options_2_entry(**kw)
- if self.filter_class:
- search_kw['objectclass'] = self.filter_class
- filter = ldap.make_filter(search_kw, rules=ldap.MATCH_ALL)
- if term:
- if not self.searchfields:
- # Pull the list of searchable attributes out of the IPA config.
- conf = ldap.get_ipa_config()[1]
- search_fields = conf.get('ipagroupsearchfields')[0].split(',')
- else:
- search_fields = self.searchfields
-
- search_kw = {}
- for s in search_fields:
- search_kw[s] = term
- term_filter = ldap.make_filter(search_kw, exact=False)
- filter = ldap.combine_filters(
- (filter, term_filter), ldap.MATCH_ALL
- )
-
- if kw['all']:
- attrs_list = ['*']
- else:
- attrs_list = _default_attributes
-
- parent_dn = self.container or ''
-
- try:
- (entries, truncated) = ldap.find_entries(
- filter, attrs_list, parent_dn
- )
- except errors.NotFound:
- (entries, truncated) = (tuple(), False)
-
- return (entries, truncated)
-
- def output_for_cli(self, textui, result, criteria, **options):
- (entries, truncated) = result
-
- textui.print_name(self.name)
- for (dn, entry_attrs) in entries:
- textui.print_attribute('dn', dn)
- textui.print_entry(entry_attrs)
- textui.print_plain('')
- textui.print_count(
- len(entries), '%i group matched.', '%i groups matched.'
- )
- if truncated:
- textui.print_dashed('These results are truncated.', below=False)
- textui.print_dashed(
- 'Please refine your search and try again.', above=False
- )
-
-
-class basegroup_show(crud.Retrieve):
- """
- Display group.
- """
- filter_class = _default_class
- default_attributes = _default_attributes
- container = None
-
- takes_options = (
- Flag('all',
- doc='Retrieve all attributes'
- ),
- )
-
- def execute(self, cn, **kw):
- """
- Execute the group-show operation.
-
- The dn should not be passed as a keyword argument as it is constructed
- by this method.
-
- Returns the entry
-
- :param cn: The group name to retrieve.
- :param kw: Not used.
- """
- assert self.container
- ldap = self.api.Backend.ldap2
-
- if kw['all']:
- attrs_list = ['*']
- else:
- attrs_list = self.default_attributes
-
- return ldap.find_entry_by_attr(
- 'cn', cn, self.filter_class, attrs_list, self.container
- )
-
- def output_for_cli(self, textui, result, *args, **options):
- (dn, entry_attrs) = result
-
- textui.print_name(self.name)
- textui.print_attribute('dn', dn)
- textui.print_entry(entry_attrs)
-
-
-class basegroup_add_member(Command):
- """
- Add members to group.
- """
- filter_class = _default_class
- default_attributes = _default_attributes
- container = None
-
- takes_args = (
- Str('cn',
- cli_name='name',
- doc='group name',
- ),
- )
-
- takes_options = (
- List('users?',
- cli_name='users',
- doc='comma-separated list of users to add',
- ),
- List('groups?',
- cli_name='groups',
- doc='comma-separated list of user groups to add',
- ),
- )
-
- def execute(self, cn, **kw):
- """
- Execute the group-add-member operation.
-
- Returns a tuple containing the number of members added
- and the updated entry.
-
- :param cn: The group name to add new members to.
- :param kw: groups is a comma-separated list of groups to add
- :param kw: users is a comma-separated list of users to add
- """
- assert self.container
- ldap = self.api.Backend.ldap2
- to_add = []
- add_failed = {}
- completed = 0
-
- (dn, entry_attrs) = ldap.find_entry_by_attr(
- 'cn', cn, self.filter_class, [''], self.container
- )
-
- members = kw.get('groups', [])
- (to_add, add_failed) = find_members(
- ldap, add_failed, members, 'cn', 'ipausergroup',
- self.api.env.container_group
- )
- (completed, add_failed) = add_members(
- ldap, completed, to_add, add_failed, dn, 'member'
- )
-
- members = kw.get('users', [])
- (to_add, add_failed) = find_members(
- ldap, add_failed, members, 'uid', 'posixaccount',
- self.api.env.container_user
- )
- (completed, add_failed) = add_members(
- ldap, completed, to_add, add_failed, dn, 'member'
- )
-
- return (
- completed, add_failed, ldap.get_entry(dn, self.default_attributes)
- )
-
- def output_for_cli(self, textui, result, *args, **options):
- """
- Output result of this command to command line interface.
- """
- (total, failed, (dn, entry_attrs)) = result
-
- textui.print_entry(failed, indent=0)
- textui.print_name(self.name)
- textui.print_attribute('dn', dn)
- textui.print_entry(entry_attrs)
- textui.print_count(total, '%i member added.', '%i members added.')
-
-
-class basegroup_remove_member(Command):
- """
- Remove members from group.
- """
- filter_class = _default_class
- default_attributes = _default_attributes
- container = None
-
- takes_args = (
- Str('cn',
- cli_name='name',
- doc='group name',
- ),
- )
-
- takes_options = (
- List('users?',
- cli_name='users',
- doc='comma-separated list of users to remove',
- ),
- List('groups?',
- cli_name='groups',
- doc='comma-separated list of user groups to remove',
- ),
- )
-
- def execute(self, cn, **kw):
- """
- Execute the group-remove-member operation.
-
- Returns a tuple containing the number of members removed
- and the updated entry.
-
- :param cn: The group name to add new members to.
- :param kw: groups is a comma-separated list of groups to remove
- :param kw: users is a comma-separated list of users to remove
- """
- assert self.container
- ldap = self.api.Backend.ldap2
- to_remove = []
- rem_failed = {}
- completed = 0
-
- (dn, entry_attrs) = ldap.find_entry_by_attr(
- 'cn', cn, self.filter_class, [''], self.container
- )
-
- members = kw.get('groups', [])
- (to_remove, rem_failed) = find_members(
- ldap, rem_failed, members, 'cn', 'ipausergroup',
- self.api.env.container_group
- )
- (completed, rem_failed) = del_members(
- ldap, completed, to_remove, rem_failed, dn, 'member'
- )
-
- members = kw.get('users', [])
- (to_remove, rem_failed) = find_members(
- ldap, rem_failed, members, 'uid', 'posixaccount',
- self.api.env.container_user
- )
- (completed, rem_failed) = del_members(
- ldap, completed, to_remove, rem_failed, dn, 'member'
- )
-
- return (
- completed, rem_failed, ldap.get_entry(dn, self.default_attributes)
- )
-
- def output_for_cli(self, textui, result, *args, **options):
- """
- Output result of this command to command line interface.
- """
- (total, failed, (dn, entry_attrs)) = result
-
- textui.print_entry(failed, indent=0)
- textui.print_name(self.name)
- textui.print_attribute('dn', dn)
-
- textui.print_entry(entry_attrs)
-
- textui.print_count(total, '%i member removed.', '%i members removed.')
-