diff options
author | Rob Crittenden <rcritten@redhat.com> | 2007-11-20 22:45:29 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2007-11-20 22:45:29 -0500 |
commit | f42f1f44c81e15ac9ecbc6684cbc4dfc9395fd42 (patch) | |
tree | 5e3907c33efe15f9a7f04bc973a341d0851b6dd4 /ipa-python/ipaclient.py | |
parent | 56d67b86e18112c9f059e7bcd3ac51fc21f941af (diff) | |
download | freeipa-f42f1f44c81e15ac9ecbc6684cbc4dfc9395fd42.tar.gz freeipa-f42f1f44c81e15ac9ecbc6684cbc4dfc9395fd42.tar.xz freeipa-f42f1f44c81e15ac9ecbc6684cbc4dfc9395fd42.zip |
Enable group inactivation by using the Class of Service plugin.
This adds 2 new groups: activated and inactivated.
If you, or a group you are a member of, is in inactivated then you are too.
If you, or a group you are a member of, is in the activated group, then you
are too.
In a fight between activated and inactivated, activated wins.
The DNs for doing this matching is case and white space sensitive.
The goal is to never have to actually set nsAccountLock in a user directly
but move them between these groups.
We need to decide where in the CLI this will happen. Right it is split
between ipa-deluser and ipa-usermod. To inactivate groups for now just
add the group to inactivate or active.
Diffstat (limited to 'ipa-python/ipaclient.py')
-rw-r--r-- | ipa-python/ipaclient.py | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/ipa-python/ipaclient.py b/ipa-python/ipaclient.py index f8c70974..0eeb2f36 100644 --- a/ipa-python/ipaclient.py +++ b/ipa-python/ipaclient.py @@ -177,10 +177,16 @@ class IPAClient: return result - def mark_user_deleted(self,uid): + def mark_user_active(self,uid): + """Set a user as active by uid.""" + + result = self.transport.mark_user_active(uid) + return result + + def mark_user_inactive(self,uid): """Set a user as inactive by uid.""" - result = self.transport.mark_user_deleted(uid) + result = self.transport.mark_user_inactive(uid) return result # Groups support @@ -335,6 +341,20 @@ class IPAClient: entries.append(user.User(e)) return entries + + def mark_group_active(self,cn): + """Set a group as active by cn.""" + + result = self.transport.mark_group_active(cn) + return result + + def mark_group_inactive(self,cn): + """Set a group as inactive by cn.""" + + result = self.transport.mark_group_inactive(cn) + return result + +# Configuration def get_ipa_config(self): """Get the IPA configuration""" |