From 93290c8a72bcd5c4ab34eedf0ec443469b36f8c1 Mon Sep 17 00:00:00 2001 From: Pavel Zuna Date: Wed, 27 Oct 2010 13:04:06 -0400 Subject: Add LDAPObject setting to handle different attributes for RDN and PKEY. --- ipalib/plugins/baseldap.py | 50 ++++++++++++++++++++++++++++++++++++++++------ ipalib/plugins/hbac.py | 26 ++---------------------- ipalib/plugins/netgroup.py | 25 +---------------------- ipalib/plugins/sudorule.py | 11 +--------- 4 files changed, 48 insertions(+), 64 deletions(-) (limited to 'ipalib') diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 2445ef7f..40f9d6a5 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -73,18 +73,31 @@ class LDAPObject(Object): search_attributes_config = None default_attributes = [] hidden_attributes = ['objectclass', 'aci'] + # set rdn_attribute only if RDN attribute differs from primary key! + rdn_attribute = '' uuid_attribute = '' attribute_members = {} container_not_found_msg = _('container entry (%(container)s) not found') parent_not_found_msg = _('%(parent)s: %(oname)s not found') object_not_found_msg = _('%(pkey)s: %(oname)s not found') + already_exists_msg = _('%(oname)s with name "%(pkey)s" already exists') def get_dn(self, *keys, **kwargs): if self.parent_object: parent_dn = self.api.Object[self.parent_object].get_dn(*keys[:-1]) else: parent_dn = self.container_dn + if self.rdn_attribute: + try: + (dn, entry_attrs) = self.backend.find_entry_by_attr( + self.primary_key.name, keys[-1], self.object_class, [''], + self.container_dn + ) + except errors.NotFound: + pass + else: + return dn if self.primary_key and keys[-1] is not None: return self.backend.make_dn_from_attr( self.primary_key.name, keys[-1], parent_dn 
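Review bot: The new `if self.rdn_attribute:` branch in `get_dn` passes `keys[-1]` to `find_entry_by_attr` before the `keys[-1] is not None` guard that the branch below it applies, so a missing key reaches the directory search. Guarding it the same way, `if self.rdn_attribute and keys[-1] is not None:`, keeps the two paths consistent. The value comes from the command arguments and ends up in an LDAP search, so this path depends on `find_entry_by_attr` escaping filter values, which is not visible in this hunk and should be confirmed. The search base is `self.container_dn` rather than the `parent_dn` computed just above, which looks like it ignores `parent_object` for such objects. The comment on `rdn_attribute` could also say that setting it makes `get_dn` return an existing entry's DN from a search; the final `return parent_dn` of `get_dn` lies outside this hunk.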
@@ -92,6 +105,14 @@ class LDAPObject(Object): return parent_dn def get_primary_key_from_dn(self, dn): + if self.rdn_attribute: + (dn, entry_attrs) = self.backend.get_entry( + dn, [self.primary_key.name] + ) + try: + return entry_attrs[pkey][0] + except (KeyError, IndexError): + return '' return dn[len(self.primary_key.name) + 1:dn.find(',')] def get_ancestor_primary_keys(self): @@ -131,7 +152,7 @@ class LDAPObject(Object): 'parent_object', 'container_dn', 'object_name', 'object_name_plural', 'object_class', 'object_class_config', 'default_attributes', 'label', 'hidden_attributes', 'uuid_attribute', 'attribute_members', 'name', - 'takes_params', + 'takes_params', 'rdn_attribute', ) def __json__(self): json_dict = dict( @@ -254,8 +275,6 @@ class LDAPCreate(CallbackInterface, crud.Create): def execute(self, *keys, **options): ldap = self.obj.backend - dn = self.obj.get_dn(*keys, **options) - entry_attrs = self.args_options_2_entry(*keys, **options) entry_attrs['objectclass'] = self.obj.object_class @@ -268,6 +287,19 @@ class LDAPCreate(CallbackInterface, crud.Create): if self.obj.uuid_attribute: entry_attrs[self.obj.uuid_attribute] = 'autogenerate' + dn = self.obj.get_dn(*keys, **options) + if self.obj.rdn_attribute: + if not dn.startswith('%s=' % self.obj.primary_key.name): + raise errors.DuplicateEntry( + message=self.obj.already_exists_msg % { + 'oname': self.obj.object_name, + 'pkey': keys[-1], + } + ) + dn = ldap.make_dn( + entry_attrs, self.obj.rdn_attribute, self.obj.container_dn + ) + if options.get('all', False): attrs_list = ['*'] else: 
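Review bot: `pkey` is never assigned in the branch added to `get_primary_key_from_dn`, so `entry_attrs[pkey][0]` raises NameError, which `except (KeyError, IndexError)` does not catch. The removed hbac and netgroup overrides set `pkey = self.primary_key.name` first, and that line was not carried over. Every object that sets `rdn_attribute` hits this path: hbac, netgroup and sudorule in this commit. The fix is `return entry_attrs[self.primary_key.name][0]`. A short docstring would help too, for example `"""Return the primary key value for dn, reading the entry when the RDN is not the primary key."""`.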
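Review bot: The duplicate check added to `LDAPCreate.execute` is a search in `get_dn` followed by a separate add, and because the new entry's RDN is `rdn_attribute` rather than the primary key, the directory's DN uniqueness does not back it up. Two concurrent adds with the same name can both pass, which for hbac and sudorule means two access rules that name-based lookups cannot tell apart. Unless attribute uniqueness on the primary key is enforced server-side for these containers (not visible here), that deserves a comment at the check, such as `# NOTE: best-effort only; name uniqueness must be enforced by the directory server`. The test `dn.startswith('%s=' % self.obj.primary_key.name)` also infers "exists" from a case-sensitive string prefix. It fires as well when `get_dn` returned the bare parent DN for a `None` key, which reports a misleading "already exists".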
@@ -311,9 +343,15 @@ class LDAPCreate(CallbackInterface, crud.Create): ) try: - (dn, entry_attrs) = ldap.get_entry( - dn, attrs_list, normalize=self.obj.normalize_dn - ) + if self.obj.rdn_attribute: + (dn, entry_attrs) = ldap.find_entry_by_attr( + self.obj.primary_key.name, keys[-1], None, attrs_list, + self.obj.container_dn + ) + else: + (dn, entry_attrs) = ldap.get_entry( + dn, attrs_list, normalize=self.obj.normalize_dn + ) except errors.ExecutionError, e: try: (dn, entry_attrs) = self._call_exc_callbacks( diff --git a/ipalib/plugins/hbac.py b/ipalib/plugins/hbac.py index 55d9d912..d00bcc08 100644 --- a/ipalib/plugins/hbac.py +++ b/ipalib/plugins/hbac.py @@ -108,6 +108,7 @@ class hbac(LDAPObject): 'memberhostgroup', ] uuid_attribute = 'ipauniqueid' + rdn_attribute = 'ipauniqueid' attribute_members = { 'memberuser': ['user', 'group'], 'memberhost': ['host', 'hostgroup'], @@ -192,24 +193,6 @@ class hbac(LDAPObject): ), ) - def get_dn(self, *keys, **kwargs): - try: - (dn, entry_attrs) = self.backend.find_entry_by_attr( - self.primary_key.name, keys[-1], self.object_class, [''], - self.container_dn - ) - except errors.NotFound: - dn = super(hbac, self).get_dn(*keys, **kwargs) - return dn - - def get_primary_key_from_dn(self, dn): - pkey = self.primary_key.name - (dn, entry_attrs) = self.backend.get_entry(dn, [pkey]) - try: - return entry_attrs[pkey][0] - except (KeyError, IndexError): - return '' - api.register(hbac) @@ -218,14 +201,9 @@ class hbac_add(LDAPCreate): Create a new HBAC rule. """ def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): - if not dn.startswith('cn='): - msg = 'HBAC rule with name "%s" already exists' % keys[-1] - raise errors.DuplicateEntry(message=msg) # HBAC rules are enabled by default entry_attrs['ipaenabledflag'] = 'TRUE' - return ldap.make_dn( - entry_attrs, self.obj.uuid_attribute, self.obj.container_dn - ) + return dn api.register(hbac_add) 
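Review bot: The read-back after the add calls `find_entry_by_attr` with `None` as the third argument, whereas `get_dn` passes `self.object_class` for the same lookup by primary key under `container_dn`. Without the object-class restriction the search presumably matches any entry in the container carrying that attribute value, so the command could return a different entry than the one just created. Passing the class keeps both lookups aligned: `self.obj.primary_key.name, keys[-1], self.obj.object_class, attrs_list,`. The enclosing `try` block continues outside this hunk.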
diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py index 144505be..9edc45e5 100644 --- a/ipalib/plugins/netgroup.py +++ b/ipalib/plugins/netgroup.py @@ -76,6 +76,7 @@ class netgroup(LDAPObject): 'nisdomainname', 'memberuser', 'memberhost', ] uuid_attribute = 'ipauniqueid' + rdn_attribute = 'ipauniqueid' attribute_members = { 'memberof': ['netgroup'], 'memberuser': ['user', 'group'], @@ -108,24 +109,6 @@ class netgroup(LDAPObject): ), ) - def get_dn(self, *keys, **kwargs): - try: - (dn, entry_attrs) = self.backend.find_entry_by_attr( - self.primary_key.name, keys[-1], self.object_class, [''], - self.container_dn - ) - except errors.NotFound: - dn = super(netgroup, self).get_dn(*keys, **kwargs) - return dn - - def get_primary_key_from_dn(self, dn): - pkey = self.primary_key.name - (dn, entry_attrs) = self.backend.get_entry(dn, [pkey]) - try: - return entry_attrs[pkey][0] - except (KeyError, IndexError): - return '' - api.register(netgroup) @@ -135,13 +118,7 @@ class netgroup_add(LDAPCreate): """ has_output_params = output_params def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): - if not dn.startswith('cn='): - msg = 'netgroup with name "%s" already exists' % keys[-1] - raise errors.DuplicateEntry(message=msg) entry_attrs.setdefault('nisdomainname', self.api.env.domain) - dn = ldap.make_dn( - entry_attrs, self.obj.uuid_attribute, self.obj.container_dn - ) return dn api.register(netgroup_add) diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py index 434e23ab..0bdf982e 100644 --- a/ipalib/plugins/sudorule.py +++ b/ipalib/plugins/sudorule.py @@ -38,6 +38,7 @@ class sudorule(LDAPObject): ] uuid_attribute = 'ipauniqueid' + rdn_attribute = 'ipauniqueid' attribute_members = { 'memberuser': ['user', 'group'], 'memberhost': ['host', 'hostgroup'], 
@@ -88,16 +89,6 @@ class sudorule(LDAPObject): ) - def get_dn(self, *keys, **kwargs): - try: - (dn, entry_attrs) = self.backend.find_entry_by_attr( - self.primary_key.name, keys[-1], self.object_class, [''], - self.container_dn - ) - except errors.NotFound: - dn = super(sudorule, self).get_dn(*keys, **kwargs) - return dn - api.register(sudorule) -- cgit