From c7789199f9541844bf8c36a85311ba957a1c1dcb Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Mon, 10 Jan 2011 14:21:45 -0500 Subject: Fix output of failed managedby hosts, allow a host to manage itself. The output problem was a missing label for failed managedby. This also fixes a call to print_entry that was missing the flags argument. Add a flag to specify whether a group can be a member of itself, defaulting to False. ticket 708 --- ipalib/cli.py | 4 ++-- ipalib/plugins/baseldap.py | 3 ++- ipalib/plugins/host.py | 5 +++++ ipaserver/plugins/ldap2.py | 12 +++++++++--- 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/ipalib/cli.py b/ipalib/cli.py index 892db8081..c5fea8f28 100644 --- a/ipalib/cli.py +++ b/ipalib/cli.py @@ -360,7 +360,7 @@ class textui(backend.Backend): continue self.print_indented(format % (label, ''), indent) self.print_entry( - value, order, labels, print_all, format, + value, order, labels, flags, print_all, format, indent=indent+1 ) else: @@ -764,7 +764,7 @@ class help(frontend.Local): mcl = self._topics[t][2][topic][1] commands = self._topics[t][2][topic][2] break - + m = '%s.%s' % (self._PLUGIN_BASE_MODULE, topic) doc = (sys.modules[m].__doc__ or '').strip() diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index fbe4fcece..e7ccb7724 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -1002,6 +1002,7 @@ class LDAPAddMember(LDAPModMember): """ member_param_doc = 'comma-separated list of %s to add' member_count_out = ('%i member added.', '%i members added.') + allow_same = False has_output = ( output.Entry('result'), @@ -1039,7 +1040,7 @@ class LDAPAddMember(LDAPModMember): if not m_dn: continue try: - ldap.add_entry_to_group(m_dn, dn, attr) + ldap.add_entry_to_group(m_dn, dn, attr, allow_same=self.allow_same) except errors.PublicError, e: ldap_obj = self.api.Object[ldap_obj_name] failed[attr][ldap_obj_name].append(( diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py index 2abe70a12..f5dad59a9 100644 --- a/ipalib/plugins/host.py +++ b/ipalib/plugins/host.py @@ -133,6 +133,10 @@ host_output_params = ( ), Str('revocation_reason?', label=_('Revocation reason'), + ), + Str('managedby?', + label=_('Failed managedby'), + flags=['no_create', 'no_update'], ) ) @@ -726,6 +730,7 @@ class host_add_managedby(LDAPAddMember): """ member_attributes = ['managedby'] has_output_params = LDAPAddMember.has_output_params + host_output_params + allow_same = True api.register(host_add_managedby) diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index 77133aec2..a728199eb 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -802,8 +802,14 @@ class ldap2(CrudBackend, Encoder): except _ldap.LDAPError, e: _handle_errors(e, **{}) - def add_entry_to_group(self, dn, group_dn, member_attr='member'): - """Add entry to group.""" + def add_entry_to_group(self, dn, group_dn, member_attr='member', allow_same=False): + """ + Add entry designaed by dn to group group_dn in the member attribute + member_attr. + + Adding a group as a member of itself is not allowed unless allow_same + is True. + """ # check if the entry exists (dn, entry_attrs) = self.get_entry(dn, ['objectclass']) @@ -811,7 +817,7 @@ class ldap2(CrudBackend, Encoder): (group_dn, group_entry_attrs) = self.get_entry(group_dn, [member_attr]) # check if we're not trying to add group into itself - if dn == group_dn: + if dn == group_dn and not allow_same: raise errors.SameGroupError() # add dn to group entry's `member_attr` attribute -- cgit