From 2934160b9cc00e0da84b9837e3bf983f42356662 Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Tue, 16 Jul 2013 15:17:23 +0200 Subject: Refactor the interactive prompt logic in idrange_add Make the interactive prompts interpret the following logic: - AD range (dom-sid/dom-name set): require RID base if not set - local range(dom-sid/dom-name not set): a) server with adtrust support: require both RID base and secondary RID base b) server without adtrust support: if any of RID base, secondary RID base set, require both of them https://fedorahosted.org/freeipa/ticket/3786 --- ipalib/plugins/idrange.py | 61 ++++++++++++++++++++++++++--------------------- 1 file changed, 34 insertions(+), 27 deletions(-) (limited to 'ipalib/plugins/idrange.py') diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py index 06fcc4fc7..cf74a75ff 100644 --- a/ipalib/plugins/idrange.py +++ b/ipalib/plugins/idrange.py @@ -394,40 +394,47 @@ class idrange_add(LDAPCreate): dom_sid_set = any(dom_id in kw for dom_id in ('ipanttrusteddomainname', 'ipanttrusteddomainsid')) - rid_base_set = 'ipabaserid' in kw - secondary_rid_base_set = 'ipasecondarybaserid' in kw + rid_base = kw.get('ipabaserid', None) + secondary_rid_base = kw.get('ipasecondarybaserid', None) - # Prompt for RID base if domain SID / name was given - if dom_sid_set and not rid_base_set: - value = self.prompt_param(self.params['ipabaserid']) - kw.update(dict(ipabaserid=value)) + def set_from_prompt(param): + value = self.prompt_param(self.params[param]) + update = {param: value} + kw.update(update) - if not dom_sid_set: - # Prompt for secondary RID base if RID base was given - if rid_base_set and not secondary_rid_base_set: - value = self.prompt_param(self.params['ipasecondarybaserid']) - kw.update(dict(ipasecondarybaserid=value)) + if dom_sid_set: + # This is a trusted range - # Symetrically, prompt for RID base if secondary RID base was given - if not rid_base_set and secondary_rid_base_set: - value = self.prompt_param(self.params['ipabaserid']) - kw.update(dict(ipabaserid=value)) + # Prompt for RID base if domain SID / name was given + if rid_base is None: + set_from_prompt('ipabaserid') - # Prompt for rid-base and secondary-rid-base if ipa-adtrust-install - # has been run on the system - adtrust_is_enabled = api.Command['adtrust_is_enabled']()['result'] + else: + # This is a local range + # Find out whether ipa-adtrust-install has been ran + adtrust_is_enabled = api.Command['adtrust_is_enabled']()['result'] - if adtrust_is_enabled: - rid_base = kw.get('ipabaserid', None) - secondary_rid_base = kw.get('ipasecondarybaserid', None) + if adtrust_is_enabled: + # If ipa-adtrust-install has been ran, all local ranges + # require both RID base and secondary RID base - if rid_base is None: - value = self.prompt_param(self.params['ipabaserid']) - kw.update(dict(ipabaserid=value)) + if rid_base is None: + set_from_prompt('ipabaserid') + + if secondary_rid_base is None: + set_from_prompt('ipasecondarybaserid') + + else: + # This is a local range on a server with no adtrust support + + # Prompt for secondary RID base only if RID base was given + if rid_base is not None and secondary_rid_base is None: + set_from_prompt('ipasecondarybaserid') - if secondary_rid_base is None: - value = self.prompt_param(self.params['ipasecondarybaserid']) - kw.update(dict(ipasecondarybaserid=value)) + # Symetrically, prompt for RID base if secondary RID base was + # given + if rid_base is None and secondary_rid_base is not None: + set_from_prompt('ipabaserid') def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): assert isinstance(dn, DN) -- cgit