summaryrefslogtreecommitdiffstats
path: root/ipalib
diff options
context:
space:
mode:
Diffstat (limited to 'ipalib')
-rw-r--r--ipalib/plugins/idrange.py61
1 files changed, 34 insertions, 27 deletions
diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py
index 06fcc4fc7..cf74a75ff 100644
--- a/ipalib/plugins/idrange.py
+++ b/ipalib/plugins/idrange.py
@@ -394,40 +394,47 @@ class idrange_add(LDAPCreate):
dom_sid_set = any(dom_id in kw for dom_id in
('ipanttrusteddomainname', 'ipanttrusteddomainsid'))
- rid_base_set = 'ipabaserid' in kw
- secondary_rid_base_set = 'ipasecondarybaserid' in kw
+ rid_base = kw.get('ipabaserid', None)
+ secondary_rid_base = kw.get('ipasecondarybaserid', None)
- # Prompt for RID base if domain SID / name was given
- if dom_sid_set and not rid_base_set:
- value = self.prompt_param(self.params['ipabaserid'])
- kw.update(dict(ipabaserid=value))
+ def set_from_prompt(param):
+ value = self.prompt_param(self.params[param])
+ update = {param: value}
+ kw.update(update)
- if not dom_sid_set:
- # Prompt for secondary RID base if RID base was given
- if rid_base_set and not secondary_rid_base_set:
- value = self.prompt_param(self.params['ipasecondarybaserid'])
- kw.update(dict(ipasecondarybaserid=value))
+ if dom_sid_set:
+ # This is a trusted range
- # Symetrically, prompt for RID base if secondary RID base was given
- if not rid_base_set and secondary_rid_base_set:
- value = self.prompt_param(self.params['ipabaserid'])
- kw.update(dict(ipabaserid=value))
+ # Prompt for RID base if domain SID / name was given
+ if rid_base is None:
+ set_from_prompt('ipabaserid')
- # Prompt for rid-base and secondary-rid-base if ipa-adtrust-install
- # has been run on the system
- adtrust_is_enabled = api.Command['adtrust_is_enabled']()['result']
+ else:
+ # This is a local range
+ # Find out whether ipa-adtrust-install has been ran
+ adtrust_is_enabled = api.Command['adtrust_is_enabled']()['result']
- if adtrust_is_enabled:
- rid_base = kw.get('ipabaserid', None)
- secondary_rid_base = kw.get('ipasecondarybaserid', None)
+ if adtrust_is_enabled:
+ # If ipa-adtrust-install has been ran, all local ranges
+ # require both RID base and secondary RID base
- if rid_base is None:
- value = self.prompt_param(self.params['ipabaserid'])
- kw.update(dict(ipabaserid=value))
+ if rid_base is None:
+ set_from_prompt('ipabaserid')
+
+ if secondary_rid_base is None:
+ set_from_prompt('ipasecondarybaserid')
+
+ else:
+ # This is a local range on a server with no adtrust support
+
+ # Prompt for secondary RID base only if RID base was given
+ if rid_base is not None and secondary_rid_base is None:
+ set_from_prompt('ipasecondarybaserid')
- if secondary_rid_base is None:
- value = self.prompt_param(self.params['ipasecondarybaserid'])
- kw.update(dict(ipasecondarybaserid=value))
+ # Symetrically, prompt for RID base if secondary RID base was
+ # given
+ if rid_base is None and secondary_rid_base is not None:
+ set_from_prompt('ipabaserid')
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
assert isinstance(dn, DN)