Enable group inactivation by using the Class of Service plugin.

This adds 2 new groups: activated and inactivated.

If you, or a group you are a member of, is in inactivated then you are too.

If you, or a group you are a member of, is in the activated group, then you
are too.

In a fight between activated and inactivated, activated wins.

The DNs for doing this matching is case and white space sensitive.

The goal is to never have to actually set nsAccountLock in a user directly
but move them between these groups.

We need to decide where in the CLI this will happen. Right it is split
between ipa-deluser and ipa-usermod. To inactivate groups for now just
add the group to inactivate or active.

1 files changed, 45 insertions, 3 deletions

diff --git a/ipa-python/rpcclient.py b/ipa-python/rpcclient.py
index c4ca2ff3..d4c3dcc8 100644
--- a/ipa-python/rpcclient.py
+++ b/ipa-python/rpcclient.py
@@ -318,12 +318,12 @@ class RPCClient:
 
         return result
 
-    def mark_user_deleted(self,uid):
-        """Mark a user as deleted/inactive"""
+    def mark_user_active(self,uid):
+        """Mark a user as active"""
         server = self.setup_server()
     
         try:
-            result = server.mark_user_deleted(uid)
+            result = server.mark_user_active(uid)
         except xmlrpclib.Fault, fault:
             raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
         except socket.error, (value, msg):
@@ -331,6 +331,20 @@ class RPCClient:
 
         return ipautil.unwrap_binary_data(result)
 
+    def mark_user_inactive(self,uid):
+        """Mark a user as inactive"""
+        server = self.setup_server()
+    
+        try:
+            result = server.mark_user_inactive(uid)
+        except xmlrpclib.Fault, fault:
+            raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
+        except socket.error, (value, msg):
+            raise xmlrpclib.Fault(value, msg)
+
+        return ipautil.unwrap_binary_data(result)
+
+
 # Group support
 
     def get_groups_by_member(self,member_dn,sattrs=None):
@@ -601,6 +615,34 @@ class RPCClient:
 
         return ipautil.unwrap_binary_data(result)
 
+    def mark_group_active(self,cn):
+        """Mark a group as active"""
+        server = self.setup_server()
+    
+        try:
+            result = server.mark_group_active(cn)
+        except xmlrpclib.Fault, fault:
+            raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
+        except socket.error, (value, msg):
+            raise xmlrpclib.Fault(value, msg)
+
+        return ipautil.unwrap_binary_data(result)
+
+    def mark_group_inactive(self,cn):
+        """Mark a group as inactive"""
+        server = self.setup_server()
+    
+        try:
+            result = server.mark_group_inactive(cn)
+        except xmlrpclib.Fault, fault:
+            raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
+        except socket.error, (value, msg):
+            raise xmlrpclib.Fault(value, msg)
+
+        return ipautil.unwrap_binary_data(result)
+
+# Configuration support
+
     def get_ipa_config(self):
         """Get the IPA configuration"""
         server = self.setup_server()