From b216a7b6106be3a9e4b60144ca237dc3cedd8112 Mon Sep 17 00:00:00 2001 From: Ana Krivokapic Date: Tue, 12 Nov 2013 11:03:28 +0100 Subject: Add userClass attribute for users This new freeform user attribute will allow provisioning systems to add custom tags for user objects which can be later used for automember rules or for additional local interpretation. Design page: http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems https://fedorahosted.org/freeipa/ticket/3588 --- ipalib/plugins/user.py | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) (limited to 'ipalib/plugins/user.py') diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index 54d11c229..a7005faf1 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -198,14 +198,16 @@ class user(LDAPObject): object_name_plural = _('users') object_class = ['posixaccount'] object_class_config = 'ipauserobjectclasses' - possible_objectclasses = ['meporiginentry', 'ipauserauthtypeclass'] + possible_objectclasses = [ + 'meporiginentry', 'ipauserauthtypeclass', 'ipauser' + ] disallow_object_classes = ['krbticketpolicyaux'] search_attributes_config = 'ipausersearchfields' default_attributes = [ 'uid', 'givenname', 'sn', 'homedirectory', 'loginshell', 'uidnumber', 'gidnumber', 'mail', 'ou', 'telephonenumber', 'title', 'memberof', 'nsaccountlock', - 'memberofindirect', 'ipauserauthtype' + 'memberofindirect', 'ipauserauthtype', 'userclass' ] search_display_attributes = [ 'uid', 'givenname', 'sn', 'homedirectory', 'loginshell', @@ -372,6 +374,12 @@ class user(LDAPObject): values=(u'password',), csv=True, ), + Str('userclass*', + cli_name='class', + label=_('Class'), + doc=_('User category (semantics placed on this attribute are for ' + 'local interpretation)'), + ), ) def _normalize_and_validate_email(self, email, config=None): @@ -547,6 +555,11 @@ class user_add(LDAPCreate): if 'manager' in entry_attrs: entry_attrs['manager'] = self.obj._normalize_manager(entry_attrs['manager']) + if ('objectclass' in entry_attrs + and 'userclass' in entry_attrs + and 'ipauser' not in entry_attrs['objectclass']): + entry_attrs['objectclass'].append('ipauser') + return dn def post_callback(self, ldap, dn, entry_attrs, *keys, **options): @@ -640,7 +653,8 @@ class user_mod(LDAPUpdate): entry_attrs['userpassword'] = ipa_generate_password(user_pwdchars) # save the password so it can be displayed in post_callback setattr(context, 'randompassword', entry_attrs['userpassword']) - if 'ipasshpubkey' in entry_attrs or 'ipauserauthtype' in entry_attrs: + if ('ipasshpubkey' in entry_attrs or 'ipauserauthtype' in entry_attrs + or 'userclass' in entry_attrs): if 'objectclass' in entry_attrs: obj_classes = entry_attrs['objectclass'] else: @@ -650,6 +664,8 @@ class user_mod(LDAPUpdate): obj_classes.append('ipasshuser') if 'ipauserauthtype' in entry_attrs and 'ipauserauthtype' not in obj_classes: obj_classes.append('ipauserauthtypeclass') + if 'userclass' in entry_attrs and 'ipauser' not in obj_classes: + obj_classes.append('ipauser') return dn def post_callback(self, ldap, dn, entry_attrs, *keys, **options): -- cgit