author | Ana Krivokapic <akrivoka@redhat.com> | 2013-08-20 15:34:39 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2013-08-28 16:46:15 +0200 |
commit | c392146101422808b8781c85f0f2720db230da28 (patch) | |
tree | 095acec64a62aefff7dc498602d05e38af31f626 /ipalib/plugins/trust.py | |
parent | 023385510a1b9ce6b40e40b788044ba853463696 (diff) | |
Fix tests which fail after ipa-adtrust-install
Some unit tests were failing after ipa-adtrust-install had been run on the
IPA server, due to missing attributes ('ipantsecurityidentifier') and
objectclasses ('ipantuserattrs' and 'ipantgroupattrs'). This patch detects if
ipa-adtrust-install has been run, and adds missing attributes and objectclasses
where appropriate.
https://fedorahosted.org/freeipa/ticket/3852
Diffstat (limited to 'ipalib/plugins/trust.py')
-rw-r--r-- | ipalib/plugins/trust.py | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py
index d2348c8e..3c117b49 100644
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@@ -1034,3 +1034,47 @@ class compat_is_enabled(Command):
 return dict(result=True)
 
 api.register(compat_is_enabled)
+
+
+class sidgen_was_run(Command):
+ """
+ This command tries to determine whether the sidgen task was run during
+ ipa-adtrust-install. It does that by simply checking the "editors" group
+ for the presence of the ipaNTSecurityIdentifier attribute - if the
+ attribute is present, the sidgen task was run.
+
+ Since this command relies on the existence of the "editors" group, it will
+ fail loudly in case this group does not exist.
+ """
+ NO_CLI = True
+
+ __doc__ = _('Determine whether ipa-adtrust-install has been run with '
+ 'sidgen task')
+
+ def execute(self, *keys, **options):
+ ldap = self.api.Backend.ldap2
+ editors_dn = DN(
+ ('cn', 'editors'),
+ ('cn', 'groups'),
+ ('cn', 'accounts'),
+ api.env.basedn
+ )
+
+ try:
+ editors_entry = ldap.get_entry(editors_dn)
+ except errors.NotFound:
+ raise errors.NotFound(
+ name=_('sidgen_was_run'),
+ reason=_(
+ 'This command relies on the existence of the "editors" '
+ 'group, but this group was not found.'
+ )
+ )
+
+ attr = editors_entry.get('ipaNTSecurityIdentifier')
+ if not attr:
+ return dict(result=False)
+
+ return dict(result=True)
+
+api.register(sidgen_was_run) |
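Review bot: In `execute`, a missing `ipaNTSecurityIdentifier` on the editors entry is taken as proof that the sidgen task never ran, but an LDAP server also omits attributes the bound identity is not permitted to read, so the result may depend on who calls the command rather than on server state. The ACIs are not visible in this hunk, so this is an inference to confirm; if it holds, the assumption should be documented next to the check, e.g. `# NOTE: also returns False when the caller cannot read ipaNTSecurityIdentifier`. The lookup can also be narrowed to the one attribute it needs, `editors_entry = ldap.get_entry(editors_dn, ['ipaNTSecurityIdentifier'])`, so the whole group entry is not fetched for a yes/no answer. Separately, the triple-quoted class docstring is replaced by the `__doc__ = _(...)` assignment right below it, so the explanation of the heuristic would be better kept as a `#` comment.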