author | rcritten@redhat.com <rcritten@redhat.com> | 2007-10-02 16:56:51 -0400 |
---|---|---|
committer | rcritten@redhat.com <rcritten@redhat.com> | 2007-10-02 16:56:51 -0400 |
commit | 6aa72b44e42ac02487d5dcd08a67940e10dd1ac6 (patch) | |
tree | 4f0421e3a761e0d7eb77db32260990394a0b6aa0 | |
parent | cfac4acf9fb152d685e342bd5adabb5ec2fa2c74 (diff) | |
Do group operations based on the group DN, not the CN
Add new class of errors for connections
Raise an exception if a connection cannot be made due to missing ccache
-rw-r--r-- | ipa-admintools/ipa-findgroup | 2 | ||||
-rw-r--r-- | ipa-admintools/ipa-groupmod | 25 | ||||
-rw-r--r-- | ipa-python/ipaerror.py | 17 | ||||
-rw-r--r-- | ipa-server/xmlrpc-server/funcs.py | 61 |
4 files changed, 66 insertions, 39 deletions
diff --git a/ipa-admintools/ipa-findgroup b/ipa-admintools/ipa-findgroup
index 082e6e50..7d5a3166 100644
--- a/ipa-admintools/ipa-findgroup
+++ b/ipa-admintools/ipa-findgroup
@@ -28,7 +28,7 @@ import xmlrpclib
 import kerberos
 def usage():
- print "ipa-findgroup <uid>"
+ print "ipa-findgroup <group_name>"
 sys.exit()
 def parse_options():
diff --git a/ipa-admintools/ipa-groupmod b/ipa-admintools/ipa-groupmod
index f3de9263..e0e95307 100644
--- a/ipa-admintools/ipa-groupmod
+++ b/ipa-admintools/ipa-groupmod
@@ -54,6 +54,15 @@ def parse_options():
 return options, args
+def get_group(client, group_cn):
+ try:
+ group = client.get_group_by_cn(group_cn)
+ except ipa.ipaerror.IPAError, e:
+ print "%s" % e.message
+ return None
+
+ return group
+
 def main():
 group=ipa.group.Group()
 options, args = parse_options()
@@ -66,16 +75,20 @@ def main():
 try:
 client = ipaclient.IPAClient()
 if options.add:
- client.add_user_to_group(args[1], args[2])
+ group = get_group(client, args[2])
+ if group is None:
+ return 1
+ client.add_user_to_group(args[1], group.dn)
 print args[1] + " successfully added to " + args[2]
 elif options.remove:
- client.remove_user_from_group(args[1], args[2])
+ group = get_group(client, args[2])
+ if group is None:
+ return 1
+ client.remove_user_from_group(args[1], group.dn)
 print args[1] + " successfully removed"
 elif options.desc:
- try:
- group = client.get_group_by_cn(args[1])
- except ipa.ipaerror.IPAError, e:
- print "%s" % e.message
+ group = get_group(client, args[1])
+ if group is None:
 return 1
 group.setValue('description', options.desc)
 client.update_group(group)
diff --git a/ipa-python/ipaerror.py b/ipa-python/ipaerror.py
index efcd855f..67bd96dc 100644
--- a/ipa-python/ipaerror.py
+++ b/ipa-python/ipaerror.py
@@ -108,7 +108,7 @@ LDAP_NOT_FOUND = gen_error_code(
 LDAP_DUPLICATE = gen_error_code(
 LDAP_CATEGORY,
 0x0004,
- "Duplicate entry already in LDAP")
+ "This entry already exists")
 LDAP_MISSING_DN = gen_error_code(
 LDAP_CATEGORY,
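Review bot: get_group in ipa-groupmod reports the lookup failure with `print "%s" % e.message`, which lands on stdout together with the success messages, so a script wrapping the tool cannot tell the two apart. `print >>sys.stderr, "%s" % e.message` would separate them, assuming `sys` is imported in this script, which the hunk does not show. The helper also has no docstring; `"""Return the group entry for group_cn, or None after printing the lookup error."""` would state the None contract that main() relies on.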
@@ -129,3 +129,18 @@ INPUT_INVALID_ERROR = gen_error_code(
 INPUT_CATEGORY,
 0x0001,
 "Illegal input")
+
+#
+# Connection errors
+#
+CONNECTION_CATEGORY = 0x0003
+
+CONNECTION_NO_CONN = gen_error_code(
+ CONNECTION_CATEGORY,
+ 0x0001,
+ "Connection to database failed")
+
+CONNECTION_NO_CCACHE = gen_error_code(
+ CONNECTION_CATEGORY,
+ 0x0002,
+ "No Kerberos credentials cache is available. Connection cannot be made.")
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index de089b61..129e8f9b 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -165,16 +165,15 @@ class IPAServer:
 bindcert = None
 bindkey = None
 port = self.port
-# Fallback to use proxy authentication. We no longer support this method
-# else:
-# bindca = self.bindca
-# bindcert = self.bindcert
-# bindkey = self.bindkey
-# port = self.sslport
 else:
- return None
+ raise ipaerror.gen_exception(ipaerror.CONNECTION_NO_CCACHE)
- return _LDAPPool.getConn(self.host,port,bindca,bindcert,bindkey,proxy_dn,krbccache,debug)
+ conn = _LDAPPool.getConn(self.host,port,bindca,bindcert,bindkey,proxy_dn,krbccache,debug)
+
+ if conn is None:
+ raise ipaerror.gen_exception(ipaerror.CONNECTION_NO_CONN)
+
+ return conn
 def releaseConnection(self, conn):
 global _LDAPPool
@@ -740,11 +739,11 @@ class IPAServer:
 return groups
- def add_member_to_group(self, member_dn, group_cn, opts=None):
+ def add_member_to_group(self, member_dn, group_dn, opts=None):
 """Add a member to an existing group.
 """
- old_group = self.get_group_by_cn(group_cn, None, opts)
+ old_group = self.get_group_by_dn(group_dn, None, opts)
 if old_group is None:
 raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
 new_group = copy.deepcopy(old_group)
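Review bot: The connection method in funcs.py now raises in two places where it used to return None, and nothing in the hunk documents that for callers; the method's start is outside the hunk. A docstring line such as `Raises CONNECTION_NO_CCACHE if no Kerberos ccache is available, CONNECTION_NO_CONN if the pool yields no connection.` would make the contract explicit. Any call site that still tests the result for None will never see it again, so those are worth checking against the new behaviour.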
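Review bot: add_member_to_group now hands the caller-supplied `group_dn` straight to `get_group_by_dn` and modifies whatever entry comes back, with nothing in the hunk confirming that the DN lies under the groups container or that the entry is a group at all. The same applies to the remove_member_from_group, delete_group and add_group_to_group hunks. Directory access controls under the caller's Kerberos identity presumably still bound what can be written, but the XML-RPC layer should not depend on that alone. After the lookup, check the entry's objectclass and its suffix, and raise `ipaerror.gen_exception(ipaerror.INPUT_INVALID_ERROR)` when it is not a group entry. The method body continues outside the hunk.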
@@ -765,7 +764,7 @@ class IPAServer:
 raise
 return ret
- def add_members_to_group(self, member_dns, group_cn, opts=None):
+ def add_members_to_group(self, member_dns, group_dn, opts=None):
 """Given a list of dn's, add them to the group cn denoted by group
 Returns a list of the member_dns that were not added to the group.
 """
@@ -777,7 +776,7 @@ class IPAServer:
 for member_dn in member_dns:
 try:
- self.add_member_to_group(member_dn, group_cn, opts)
+ self.add_member_to_group(member_dn, group_dn, opts)
 except ipaerror.exception_for(ipaerror.LDAP_EMPTY_MODLIST):
 # User is already in the group
 failed.append(member_dn)
@@ -787,11 +786,11 @@ class IPAServer:
 return failed
- def remove_member_from_group(self, member_dn, group_cn, opts=None):
+ def remove_member_from_group(self, member_dn, group_dn, opts=None):
 """Remove a member_dn from an existing group.
 """
- old_group = self.get_group_by_cn(group_cn, None, opts)
+ old_group = self.get_group_by_dn(group_dn, None, opts)
 if old_group is None:
 raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
 new_group = copy.deepcopy(old_group)
@@ -816,7 +815,7 @@ class IPAServer:
 raise
 return ret
- def remove_members_from_group(self, member_dns, group_cn, opts=None):
+ def remove_members_from_group(self, member_dns, group_dn, opts=None):
 """Given a list of member dn's remove them from the group.
 Returns a list of the members not removed from the group.
 """
@@ -828,7 +827,7 @@ class IPAServer:
 for member_dn in member_dns:
 try:
- self.remove_member_from_group(member_dn, group_cn, opts)
+ self.remove_member_from_group(member_dn, group_dn, opts)
 except ipaerror.exception_for(ipaerror.LDAP_EMPTY_MODLIST):
 # member is not in the group
 failed.append(member_dn)
@@ -838,7 +837,7 @@ class IPAServer:
 return failed
- def add_user_to_group(self, user_uid, group_cn, opts=None):
+ def add_user_to_group(self, user_uid, group_dn, opts=None):
 """Add a user to an existing group.
 """
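Review bot: The docstring of add_members_to_group still reads `add them to the group cn denoted by group` although the parameter is now `group_dn`; add_users_to_group in a later hunk carries the same wording. Remote callers learn the expected identifier from this text, so it should follow the signature, for example `"""Given a list of dn's, add them to the group whose DN is group_dn`. A client that still sends a CN will reach the lookup with a non-DN string, and how get_group_by_dn reports that is not visible in this diff.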
@@ -846,9 +845,9 @@ class IPAServer:
 if user is None:
 raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
- return self.add_member_to_group(user['dn'], group_cn, opts)
+ return self.add_member_to_group(user['dn'], group_dn, opts)
- def add_users_to_group(self, user_uids, group_cn, opts=None):
+ def add_users_to_group(self, user_uids, group_dn, opts=None):
 """Given a list of user uid's add them to the group cn denoted by group
 Returns a list of the users were not added to the group.
 """
@@ -860,7 +859,7 @@ class IPAServer:
 for user_uid in user_uids:
 try:
- self.add_user_to_group(user_uid, group_cn, opts)
+ self.add_user_to_group(user_uid, group_dn, opts)
 except ipaerror.exception_for(ipaerror.LDAP_EMPTY_MODLIST):
 # User is already in the group
 failed.append(user_uid)
@@ -870,7 +869,7 @@ class IPAServer:
 return failed
- def remove_user_from_group(self, user_uid, group_cn, opts=None):
+ def remove_user_from_group(self, user_uid, group_dn, opts=None):
 """Remove a user from an existing group.
 """
@@ -878,9 +877,9 @@ class IPAServer:
 if user is None:
 raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
- return self.remove_member_from_group(user['dn'], group_cn, opts)
+ return self.remove_member_from_group(user['dn'], group_dn, opts)
- def remove_users_from_group(self, user_uids, group_cn, opts=None):
+ def remove_users_from_group(self, user_uids, group_dn, opts=None):
 """Given a list of user uid's remove them from the group
 Returns a list of the user uids not removed from the group.
 """
@@ -892,7 +891,7 @@ class IPAServer:
 for user_uid in user_uids:
 try:
- self.remove_user_from_group(user_uid, group_cn, opts)
+ self.remove_user_from_group(user_uid, group_dn, opts)
 except ipaerror.exception_for(ipaerror.LDAP_EMPTY_MODLIST):
 # User is not in the group
 failed.append(user_uid)
@@ -956,14 +955,14 @@ class IPAServer:
 """Update a group in LDAP"""
 return self.__update_entry(oldgroup, newgroup, opts)
- def delete_group (self, group_cn, opts=None):
+ def delete_group (self, group_dn, opts=None):
 """Delete a group
- group_cn is the cn of the group to delete
+ group_dn is the DN of the group to delete
 The memberOf plugin handles removing the group from any other groups.
 """
- group = self.get_group_by_cn(group_cn, ['dn', 'cn'], opts)
+ group = self.get_group_by_dn(group_dn, ['dn', 'cn'], opts)
 if len(group) != 1:
 raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
@@ -977,16 +976,16 @@ class IPAServer:
 def add_group_to_group(self, group, tgroup, opts=None):
 """Add a user to an existing group.
- group is a cn of the group to add
- tgroup is the cn of the group to be added to
+ group is a DN of the group to add
+ tgroup is the DN of the target group to be added to
 """
- old_group = self.get_group_by_cn(tgroup, None, opts)
+ old_group = self.get_group_by_dn(tgroup, None, opts)
 if old_group is None:
 raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
 new_group = copy.deepcopy(old_group)
- group_dn = self.get_group_by_cn(group, ['dn', 'cn', 'objectclass'], opts)
+ group_dn = self.get_group_by_dn(group, ['dn', 'cn', 'objectclass'], opts)
 if group_dn is None:
 raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND) |
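Review bot: The `if len(group) != 1:` test in delete_group is kept unchanged after the lookup switches to `get_group_by_dn`. The other hunks in this file treat that call's result as a single entry or None (`if old_group is None:`), so a missing group would likely fail here with a TypeError on `len(None)` instead of LDAP_NOT_FOUND, and a found entry's length would not be a match count. This is inferred, since get_group_by_dn itself is not shown. If it does return one entry, the guard should read `if group is None:`. The rest of delete_group lies outside the hunk, so any later indexing of `group` needs the same check.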
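Review bot: In add_group_to_group the local `group_dn` receives the entry returned by `get_group_by_dn(group, ['dn', 'cn', 'objectclass'], opts)`, not a DN. Now that every parameter named `group_dn` in this file is a DN string, that name invites passing the whole entry where a DN is expected. Renaming it, e.g. `group_entry = self.get_group_by_dn(group, ['dn', 'cn', 'objectclass'], opts)`, would need its later uses adjusted, and those lie outside the hunk. The docstring summary still says `"""Add a user to an existing group.` and should read `"""Add a group to an existing group.`.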