From a3853771c0acf321d738ec0c20594fa3f505b12c Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Mon, 22 Sep 2014 12:19:26 +0200
Subject: idviews: Add Default Trust View as part of adtrustinstall
---
 install/share/Makefile.am | 1 +
 install/share/default-trust-view.ldif | 6 ++++++
 ipaserver/install/adtrustinstance.py | 22 ++++++++++++++++++++++
 3 files changed, 29 insertions(+)
 create mode 100644 install/share/default-trust-view.ldif
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index e72623ad7..7d8ceb60e 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -26,6 +26,7 @@ app_DATA = \
 default-aci.ldif \
 default-hbac.ldif \
 default-smb-group.ldif \
+ default-trust-view.ldif \
 delegation.ldif \
 disable-betxn.ldif \
 replica-acis.ldif \
diff --git a/install/share/default-trust-view.ldif b/install/share/default-trust-view.ldif
new file mode 100644
index 000000000..d782b4774
--- /dev/null
+++ b/install/share/default-trust-view.ldif
@@ -0,0 +1,6 @@
+dn: cn=Default Trust View,cn=views,cn=accounts,$SUFFIX
+changetype: add
+cn: Default Trust View
+description: Default Trust View for AD users. Should not be deleted.
+objectclass: top
+objectclass: ipaIDView
diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py
index 38b080131..277baad4a 100644
--- a/ipaserver/install/adtrustinstance.py
+++ b/ipaserver/install/adtrustinstance.py
@@ -241,6 +241,27 @@ class ADTRUSTInstance(service.Service):
 except:
 self.print_msg("Failed to modify IPA admin group object")
+ def __add_default_trust_view(self):
+ default_view_dn = DN(('cn', 'Default Trust View'),
+ api.env.container_views, self.suffix)
+
+ try:
+ self.admin_conn.get_entry(default_view_dn)
+ except errors.NotFound:
+ try:
+ self._ldap_mod('default-trust-view.ldif', self.sub_dict)
+ except Exception, e:
+ self.print_msg("Failed to add default trust view.")
+ raise e
+ else:
+ self.print_msg("Default Trust View already exists.")
+
+ # _ldap_mod does not return useful error codes, so we must check again
+ # if the default trust view was created properly.
+ try:
+ self.admin_conn.get_entry(default_view_dn)
+ except errors.NotFound:
+ self.print_msg("Failed to add Default Trust View.")
 def __add_fallback_group(self):
 """
@@ -875,6 +896,7 @@ class ADTRUSTInstance(service.Service):
 self.step("restarting Directory Server to take MS PAC and LDAP plugins changes into account", \
 self.__restart_dirsrv)
 self.step("adding fallback group", self.__add_fallback_group)
+ self.step("adding Default Trust View", self.__add_default_trust_view)
 self.step("setting SELinux booleans", \
 self.__configure_selinux_for_smbd)
 self.step("starting CIFS services", self.__start)
-- cgit
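Review bot: The re-check at the end of `__add_default_trust_view` only prints "Failed to add Default Trust View." when the entry is still missing and then returns normally, so the "adding Default Trust View" step counts as completed and the installer carries on without the view that the LDIF describes as "Should not be deleted". If a missing view is meant to stop the install, end that last `except errors.NotFound:` branch with a bare `raise`; if continuing is deliberate (the neighbouring `except:` in the context lines also just prints), a comment saying so would help. In the inner handler, `raise e` is better written as a bare `raise`, which keeps the original traceback. The lookup DN is built from `api.env.container_views` while the LDIF hard-codes `cn=views,cn=accounts,$SUFFIX`; if those can differ, both checks would look somewhere other than where the entry is created, so a short docstring stating that assumption is worth adding.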