Diffstat (limited to 'ipalib')
-rw-r--r--ipalib/plugins/baseldap.py50
-rw-r--r--ipalib/plugins/hbac.py26
-rw-r--r--ipalib/plugins/netgroup.py25
-rw-r--r--ipalib/plugins/sudorule.py11
4 files changed, 48 insertions, 64 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 2445ef7f..40f9d6a5 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -73,18 +73,31 @@ class LDAPObject(Object):
search_attributes_config = None
default_attributes = []
hidden_attributes = ['objectclass', 'aci']
+ # set rdn_attribute only if RDN attribute differs from primary key!
+ rdn_attribute = ''
uuid_attribute = ''
attribute_members = {}
container_not_found_msg = _('container entry (%(container)s) not found')
parent_not_found_msg = _('%(parent)s: %(oname)s not found')
object_not_found_msg = _('%(pkey)s: %(oname)s not found')
+ already_exists_msg = _('%(oname)s with name "%(pkey)s" already exists')
def get_dn(self, *keys, **kwargs):
if self.parent_object:
parent_dn = self.api.Object[self.parent_object].get_dn(*keys[:-1])
else:
parent_dn = self.container_dn
+ if self.rdn_attribute:
+ try:
+ (dn, entry_attrs) = self.backend.find_entry_by_attr(
+ self.primary_key.name, keys[-1], self.object_class, [''],
+ self.container_dn
+ )
+ except errors.NotFound:
+ pass
+ else:
+ return dn
if self.primary_key and keys[-1] is not None:
return self.backend.make_dn_from_attr(
self.primary_key.name, keys[-1], parent_dn
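Review bot: The new `rdn_attribute` branch in `get_dn` reads `self.primary_key.name` and `keys[-1]` without the `self.primary_key and keys[-1] is not None` guard that the existing code applies just below it. A call with a `None` key would therefore be passed to `find_entry_by_attr` as the search value; what the backend does with that is not visible here, but it is unlikely to be intended. I would guard the branch the same way, `if self.rdn_attribute and self.primary_key and keys[-1] is not None:`. The search is also rooted at `self.container_dn` rather than the `parent_dn` computed above, so the comment on `rdn_attribute` should say whether it may be combined with `parent_object`. The body of `get_dn` continues past the end of this hunk.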
@@ -92,6 +105,14 @@ class LDAPObject(Object):
return parent_dn
def get_primary_key_from_dn(self, dn):
+ if self.rdn_attribute:
+ (dn, entry_attrs) = self.backend.get_entry(
+ dn, [self.primary_key.name]
+ )
+ try:
+ return entry_attrs[pkey][0]
+ except (KeyError, IndexError):
+ return ''
return dn[len(self.primary_key.name) + 1:dn.find(',')]
def get_ancestor_primary_keys(self):
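Review bot: `pkey` is never bound in the new `rdn_attribute` branch of `get_primary_key_from_dn`, so `entry_attrs[pkey][0]` raises NameError, which `except (KeyError, IndexError)` does not catch (unless a module-level `pkey` exists outside this hunk). The per-plugin versions removed by this commit set `pkey = self.primary_key.name` first; here the lookup should be `return entry_attrs[self.primary_key.name][0]`, and the `get_entry` call can use the same name. hbac, netgroup and sudorule all set `rdn_attribute` in this commit, so each of them reaches this path whenever a primary key is derived from a DN.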
@@ -131,7 +152,7 @@ class LDAPObject(Object):
'parent_object', 'container_dn', 'object_name', 'object_name_plural',
'object_class', 'object_class_config', 'default_attributes', 'label',
'hidden_attributes', 'uuid_attribute', 'attribute_members', 'name',
- 'takes_params',
+ 'takes_params', 'rdn_attribute',
)
def __json__(self):
json_dict = dict(
@@ -254,8 +275,6 @@ class LDAPCreate(CallbackInterface, crud.Create):
def execute(self, *keys, **options):
ldap = self.obj.backend
- dn = self.obj.get_dn(*keys, **options)
-
entry_attrs = self.args_options_2_entry(*keys, **options)
entry_attrs['objectclass'] = self.obj.object_class
@@ -268,6 +287,19 @@ class LDAPCreate(CallbackInterface, crud.Create):
if self.obj.uuid_attribute:
entry_attrs[self.obj.uuid_attribute] = 'autogenerate'
+ dn = self.obj.get_dn(*keys, **options)
+ if self.obj.rdn_attribute:
+ if not dn.startswith('%s=' % self.obj.primary_key.name):
+ raise errors.DuplicateEntry(
+ message=self.obj.already_exists_msg % {
+ 'oname': self.obj.object_name,
+ 'pkey': keys[-1],
+ }
+ )
+ dn = ldap.make_dn(
+ entry_attrs, self.obj.rdn_attribute, self.obj.container_dn
+ )
+
if options.get('all', False):
attrs_list = ['*']
else:
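Review bot: The duplicate-name check added to `execute` is not atomic, because it relies on the search inside `get_dn` and the add happens later. Two concurrent creates with the same name can both get a primary-key-style DN back, pass the `startswith` test and succeed, since their real DNs differ by the generated `rdn_attribute` value. For HBAC and sudo rules that would leave two access-control entries under one name, with by-name lookups resolving to whichever one the search returns. I would say so at the check, e.g. `# best-effort only: name uniqueness must also be enforced by the directory server`, and confirm that a server-side uniqueness constraint covers the primary-key attribute in these containers. `execute` begins and ends outside this hunk.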
@@ -311,9 +343,15 @@ class LDAPCreate(CallbackInterface, crud.Create):
)
try:
- (dn, entry_attrs) = ldap.get_entry(
- dn, attrs_list, normalize=self.obj.normalize_dn
- )
+ if self.obj.rdn_attribute:
+ (dn, entry_attrs) = ldap.find_entry_by_attr(
+ self.obj.primary_key.name, keys[-1], None, attrs_list,
+ self.obj.container_dn
+ )
+ else:
+ (dn, entry_attrs) = ldap.get_entry(
+ dn, attrs_list, normalize=self.obj.normalize_dn
+ )
except errors.ExecutionError, e:
try:
(dn, entry_attrs) = self._call_exc_callbacks(
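Review bot: The post-add lookup passes `None` where `get_dn` passes `self.object_class` to `find_entry_by_attr`. Assuming that argument is the object-class filter, this search can match any entry under `container_dn` whose primary-key attribute equals `keys[-1]`, not only entries of this object type, so the entry returned to the caller may not be the one just created. Passing the same filter as `get_dn` keeps the two lookups consistent: `self.obj.primary_key.name, keys[-1], self.obj.object_class, attrs_list,`. The enclosing `try` and the rest of `execute` continue outside the hunk.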
diff --git a/ipalib/plugins/hbac.py b/ipalib/plugins/hbac.py
index 55d9d912..d00bcc08 100644
--- a/ipalib/plugins/hbac.py
+++ b/ipalib/plugins/hbac.py
@@ -108,6 +108,7 @@ class hbac(LDAPObject):
'memberhostgroup',
]
uuid_attribute = 'ipauniqueid'
+ rdn_attribute = 'ipauniqueid'
attribute_members = {
'memberuser': ['user', 'group'],
'memberhost': ['host', 'hostgroup'],
@@ -192,24 +193,6 @@ class hbac(LDAPObject):
),
)
- def get_dn(self, *keys, **kwargs):
- try:
- (dn, entry_attrs) = self.backend.find_entry_by_attr(
- self.primary_key.name, keys[-1], self.object_class, [''],
- self.container_dn
- )
- except errors.NotFound:
- dn = super(hbac, self).get_dn(*keys, **kwargs)
- return dn
-
- def get_primary_key_from_dn(self, dn):
- pkey = self.primary_key.name
- (dn, entry_attrs) = self.backend.get_entry(dn, [pkey])
- try:
- return entry_attrs[pkey][0]
- except (KeyError, IndexError):
- return ''
-
api.register(hbac)
@@ -218,14 +201,9 @@ class hbac_add(LDAPCreate):
Create a new HBAC rule.
"""
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
- if not dn.startswith('cn='):
- msg = 'HBAC rule with name "%s" already exists' % keys[-1]
- raise errors.DuplicateEntry(message=msg)
# HBAC rules are enabled by default
entry_attrs['ipaenabledflag'] = 'TRUE'
- return ldap.make_dn(
- entry_attrs, self.obj.uuid_attribute, self.obj.container_dn
- )
+ return dn
api.register(hbac_add)
diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py
index 144505be..9edc45e5 100644
--- a/ipalib/plugins/netgroup.py
+++ b/ipalib/plugins/netgroup.py
@@ -76,6 +76,7 @@ class netgroup(LDAPObject):
'nisdomainname', 'memberuser', 'memberhost',
]
uuid_attribute = 'ipauniqueid'
+ rdn_attribute = 'ipauniqueid'
attribute_members = {
'memberof': ['netgroup'],
'memberuser': ['user', 'group'],
@@ -108,24 +109,6 @@ class netgroup(LDAPObject):
),
)
- def get_dn(self, *keys, **kwargs):
- try:
- (dn, entry_attrs) = self.backend.find_entry_by_attr(
- self.primary_key.name, keys[-1], self.object_class, [''],
- self.container_dn
- )
- except errors.NotFound:
- dn = super(netgroup, self).get_dn(*keys, **kwargs)
- return dn
-
- def get_primary_key_from_dn(self, dn):
- pkey = self.primary_key.name
- (dn, entry_attrs) = self.backend.get_entry(dn, [pkey])
- try:
- return entry_attrs[pkey][0]
- except (KeyError, IndexError):
- return ''
-
api.register(netgroup)
@@ -135,13 +118,7 @@ class netgroup_add(LDAPCreate):
"""
has_output_params = output_params
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
- if not dn.startswith('cn='):
- msg = 'netgroup with name "%s" already exists' % keys[-1]
- raise errors.DuplicateEntry(message=msg)
entry_attrs.setdefault('nisdomainname', self.api.env.domain)
- dn = ldap.make_dn(
- entry_attrs, self.obj.uuid_attribute, self.obj.container_dn
- )
return dn
api.register(netgroup_add)
diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py
index 434e23ab..0bdf982e 100644
--- a/ipalib/plugins/sudorule.py
+++ b/ipalib/plugins/sudorule.py
@@ -38,6 +38,7 @@ class sudorule(LDAPObject):
]
uuid_attribute = 'ipauniqueid'
+ rdn_attribute = 'ipauniqueid'
attribute_members = {
'memberuser': ['user', 'group'],
'memberhost': ['host', 'hostgroup'],
@@ -88,16 +89,6 @@ class sudorule(LDAPObject):
)
- def get_dn(self, *keys, **kwargs):
- try:
- (dn, entry_attrs) = self.backend.find_entry_by_attr(
- self.primary_key.name, keys[-1], self.object_class, [''],
- self.container_dn
- )
- except errors.NotFound:
- dn = super(sudorule, self).get_dn(*keys, **kwargs)
- return dn
-
api.register(sudorule)