summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAna Krivokapic <akrivoka@redhat.com>2013-08-02 16:14:27 +0200
committerMartin Kosek <mkosek@redhat.com>2013-08-07 09:18:43 +0200
commit6e28e709ed07798740e5469d166f3996a643e322 (patch)
treebfef412c24e5eeb0a2613e71f0df8805b32bd916
parentefe5a96725d3ddcd05b03a1ca9df5597eee693be (diff)
downloadfreeipa.git-6e28e709ed07798740e5469d166f3996a643e322.tar.gz
freeipa.git-6e28e709ed07798740e5469d166f3996a643e322.tar.xz
freeipa.git-6e28e709ed07798740e5469d166f3996a643e322.zip
Add new command compat-is-enabled
Add a new API command 'compat-is-enabled' which can be used to determine whether Schema Compatibility plugin is configured to serve trusted domain users and groups. The new command is not visible in IPA CLI. https://fedorahosted.org/freeipa/ticket/3671 https://fedorahosted.org/freeipa/ticket/3672
-rw-r--r--API.txt4
-rw-r--r--VERSION2
-rw-r--r--ipalib/plugins/trust.py44
3 files changed, 49 insertions, 1 deletions
diff --git a/API.txt b/API.txt
index 47cf5411..5418f31d 100644
--- a/API.txt
+++ b/API.txt
@@ -490,6 +490,10 @@ args: 1,1,1
arg: Str('request_id')
option: Str('version?', exclude='webui')
output: Output('result', None, None)
+command: compat_is_enabled
+args: 0,1,1
+option: Str('version?', exclude='webui')
+output: Output('result', None, None)
command: config_mod
args: 0,24,3
option: Str('addattr*', cli_name='addattr', exclude='webui')
diff --git a/VERSION b/VERSION
index 313d5f96..950e094d 100644
--- a/VERSION
+++ b/VERSION
@@ -89,4 +89,4 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=63
+IPA_API_VERSION_MINOR=64
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index b19a27ec..8790dcd2 100644
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -990,3 +990,47 @@ class adtrust_is_enabled(Command):
return dict(result=True)
api.register(adtrust_is_enabled)
+
+
+class compat_is_enabled(Command):
+ NO_CLI = True
+
+ __doc__ = _('Determine whether Schema Compatibility plugin is configured '
+ 'to serve trusted domain users and groups')
+
+ def execute(self, *keys, **options):
+ ldap = self.api.Backend.ldap2
+ users_dn = DN(
+ ('cn', 'users'),
+ ('cn', 'Schema Compatibility'),
+ ('cn', 'plugins'),
+ ('cn', 'config')
+ )
+ groups_dn = DN(
+ ('cn', 'groups'),
+ ('cn', 'Schema Compatibility'),
+ ('cn', 'plugins'),
+ ('cn', 'config')
+ )
+
+ try:
+ users_entry = ldap.get_entry(users_dn)
+ except errors.NotFound:
+ return dict(result=False)
+
+ attr = users_entry.get('schema-compat-lookup-nsswitch')
+ if not attr or 'user' not in attr:
+ return dict(result=False)
+
+ try:
+ groups_entry = ldap.get_entry(groups_dn)
+ except errors.NotFound:
+ return dict(result=False)
+
+ attr = groups_entry.get('schema-compat-lookup-nsswitch')
+ if not attr or 'group' not in attr:
+ return dict(result=False)
+
+ return dict(result=True)
+
+api.register(compat_is_enabled)