diff options
| author | Tomas Babej <tbabej@redhat.com> | 2013-07-16 15:17:23 +0200 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2013-07-26 13:57:35 +0200 |
| commit | 2934160b9cc00e0da84b9837e3bf983f42356662 (patch) | |
| tree | fd37cbec23b3fc7d036b35435b552528c75fd19f | |
| parent | a789d70f395f4c5cb8bd26c7bde8e39f325fe3e0 (diff) | |
| download | freeipa.git-2934160b9cc00e0da84b9837e3bf983f42356662.tar.gz freeipa.git-2934160b9cc00e0da84b9837e3bf983f42356662.tar.xz freeipa.git-2934160b9cc00e0da84b9837e3bf983f42356662.zip | |
Refactor the interactive prompt logic in idrange_add
Make the interactive prompts interpret the following logic:
- AD range (dom-sid/dom-name set):
require RID base if not set
- local range(dom-sid/dom-name not set):
a) server with adtrust support:
require both RID base and secondary RID base
b) server without adtrust support:
if any of RID base, secondary RID base set,
require both of them
https://fedorahosted.org/freeipa/ticket/3786
| -rw-r--r-- | ipalib/plugins/idrange.py | 61 |
1 files changed, 34 insertions, 27 deletions
diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py index 06fcc4fc..cf74a75f 100644 --- a/ipalib/plugins/idrange.py +++ b/ipalib/plugins/idrange.py @@ -394,40 +394,47 @@ class idrange_add(LDAPCreate): dom_sid_set = any(dom_id in kw for dom_id in ('ipanttrusteddomainname', 'ipanttrusteddomainsid')) - rid_base_set = 'ipabaserid' in kw - secondary_rid_base_set = 'ipasecondarybaserid' in kw + rid_base = kw.get('ipabaserid', None) + secondary_rid_base = kw.get('ipasecondarybaserid', None) - # Prompt for RID base if domain SID / name was given - if dom_sid_set and not rid_base_set: - value = self.prompt_param(self.params['ipabaserid']) - kw.update(dict(ipabaserid=value)) + def set_from_prompt(param): + value = self.prompt_param(self.params[param]) + update = {param: value} + kw.update(update) - if not dom_sid_set: - # Prompt for secondary RID base if RID base was given - if rid_base_set and not secondary_rid_base_set: - value = self.prompt_param(self.params['ipasecondarybaserid']) - kw.update(dict(ipasecondarybaserid=value)) + if dom_sid_set: + # This is a trusted range - # Symetrically, prompt for RID base if secondary RID base was given - if not rid_base_set and secondary_rid_base_set: - value = self.prompt_param(self.params['ipabaserid']) - kw.update(dict(ipabaserid=value)) + # Prompt for RID base if domain SID / name was given + if rid_base is None: + set_from_prompt('ipabaserid') - # Prompt for rid-base and secondary-rid-base if ipa-adtrust-install - # has been run on the system - adtrust_is_enabled = api.Command['adtrust_is_enabled']()['result'] + else: + # This is a local range + # Find out whether ipa-adtrust-install has been ran + adtrust_is_enabled = api.Command['adtrust_is_enabled']()['result'] - if adtrust_is_enabled: - rid_base = kw.get('ipabaserid', None) - secondary_rid_base = kw.get('ipasecondarybaserid', None) + if adtrust_is_enabled: + # If ipa-adtrust-install has been ran, all local ranges + # require both RID base and secondary RID base - if rid_base is None: - value = self.prompt_param(self.params['ipabaserid']) - kw.update(dict(ipabaserid=value)) + if rid_base is None: + set_from_prompt('ipabaserid') + + if secondary_rid_base is None: + set_from_prompt('ipasecondarybaserid') + + else: + # This is a local range on a server with no adtrust support + + # Prompt for secondary RID base only if RID base was given + if rid_base is not None and secondary_rid_base is None: + set_from_prompt('ipasecondarybaserid') - if secondary_rid_base is None: - value = self.prompt_param(self.params['ipasecondarybaserid']) - kw.update(dict(ipasecondarybaserid=value)) + # Symetrically, prompt for RID base if secondary RID base was + # given + if rid_base is None and secondary_rid_base is not None: + set_from_prompt('ipabaserid') def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): assert isinstance(dn, DN) |