diff options
author | Rob Crittenden <rcritten@redhat.com> | 2011-02-01 14:24:46 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-02-02 10:00:38 -0500 |
commit | 275998f6bde90c253d935c2f2724538b64cbd618 (patch) | |
tree | bd2840606a906276d21e646eae47db49f7adb6c2 /ipaserver | |
parent | f3d04bfc405753b3c6a11a53ec6b2ccc99e8bf09 (diff) | |
download | freeipa-275998f6bde90c253d935c2f2724538b64cbd618.tar.gz freeipa-275998f6bde90c253d935c2f2724538b64cbd618.tar.xz freeipa-275998f6bde90c253d935c2f2724538b64cbd618.zip |
Add support for tracking and counting entitlements
Adds a plugin, entitle, to register to the entitlement server, consume
entitlements and to count and track them. It is also possible to
import an entitlement certificate (if for example the remote entitlement
server is unaviailable).
This uses the candlepin server from https://fedorahosted.org/candlepin/wiki
for entitlements.
Add a cron job to validate the entitlement status and syslog the results.
tickets 28, 79, 278
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/plugins/ldap2.py | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index f540880b..b03c8def 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -683,6 +683,20 @@ class ldap2(CrudBackend, Encoder): return False + @encode_args(1, 2) + def can_read(self, dn, attr): + """Returns True/False if the currently bound user has read permissions + on the attribute. This only operates on a single attribute at a time. + """ + (dn, attrs) = self.get_effective_rights(dn, [attr]) + if 'attributelevelrights' in attrs: + attr_rights = attrs.get('attributelevelrights')[0].decode('UTF-8') + (attr, rights) = attr_rights.split(':') + if 'r' in rights: + return True + + return False + # # Entry-level effective rights # |