authorNathaniel McCallum <npmccallum@redhat.com>2013-09-18 15:48:23 -0400
committerPetr Viktorin <pviktori@redhat.com>2013-11-08 12:48:15 +0100
commit3f85f09a83f1cd25078c7c11a68d457bb198d66f (patch)
treeadd274a530453657c963f2ecfd951fb353c8a60f /ipalib
parentdf5f4ee81d1aff1122dd92ab1b56eb335294c3a7 (diff)
Add support for managing user auth types
https://fedorahosted.org/freeipa/ticket/3368
Diffstat (limited to 'ipalib')
-rw-r--r--ipalib/plugins/config.py8
-rw-r--r--ipalib/plugins/user.py19
2 files changed, 22 insertions, 5 deletions
diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py
index fbaacb7b..f4e35519 100644
--- a/ipalib/plugins/config.py
+++ b/ipalib/plugins/config.py
@@ -92,6 +92,7 @@ class config(LDAPObject):
'ipamigrationenabled', 'ipacertificatesubjectbase',
'ipapwdexpadvnotify', 'ipaselinuxusermaporder',
'ipaselinuxusermapdefault', 'ipaconfigstring', 'ipakrbauthzdata',
+ 'ipauserauthtype'
]
label = _('Configuration')
@@ -197,6 +198,13 @@ class config(LDAPObject):
values=(u'MS-PAC', u'PAD', u'nfs:NONE'),
csv=True,
),
+ StrEnum('ipauserauthtype*',
+ cli_name='user_auth_type',
+ label=_('Default user authentication types'),
+ doc=_('Default types of supported user authentication'),
+ values=(u'password',),
+ csv=True,
+ ),
)
def get_dn(self, *keys, **kwargs):
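Review bot: The allowed set `values=(u'password',)` on the new `ipauserauthtype*` parameter is written out here and again in the `user.py` hunk at `@@ -365,6 +365,13 @@`, so the global default and the per-user parameter can drift apart when further authentication types are added. Consider defining the tuple once and referencing it from both `StrEnum` declarations, or at least adding a comment on each such as `# keep in sync with ipauserauthtype in user.py / config.py`. The `takes_params` tuple this sits in starts outside the hunk.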
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 471981f4..54d11c22 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -24,7 +24,7 @@ import posixpath
import os
from ipalib import api, errors
-from ipalib import Flag, Int, Password, Str, Bool
+from ipalib import Flag, Int, Password, Str, Bool, StrEnum
from ipalib.plugins.baseldap import *
from ipalib.plugins import baseldap
from ipalib.request import context
@@ -198,14 +198,14 @@ class user(LDAPObject):
object_name_plural = _('users')
object_class = ['posixaccount']
object_class_config = 'ipauserobjectclasses'
- possible_objectclasses = ['meporiginentry']
+ possible_objectclasses = ['meporiginentry', 'ipauserauthtypeclass']
disallow_object_classes = ['krbticketpolicyaux']
search_attributes_config = 'ipausersearchfields'
default_attributes = [
'uid', 'givenname', 'sn', 'homedirectory', 'loginshell',
'uidnumber', 'gidnumber', 'mail', 'ou',
'telephonenumber', 'title', 'memberof', 'nsaccountlock',
- 'memberofindirect',
+ 'memberofindirect', 'ipauserauthtype'
]
search_display_attributes = [
'uid', 'givenname', 'sn', 'homedirectory', 'loginshell',
@@ -365,6 +365,13 @@ class user(LDAPObject):
csv=True,
flags=['no_search'],
),
+ StrEnum('ipauserauthtype*',
+ cli_name='user_auth_type',
+ label=_('User authentication types'),
+ doc=_('Types of supported user authentication'),
+ values=(u'password',),
+ csv=True,
+ ),
)
def _normalize_and_validate_email(self, email, config=None):
@@ -633,14 +640,16 @@ class user_mod(LDAPUpdate):
entry_attrs['userpassword'] = ipa_generate_password(user_pwdchars)
# save the password so it can be displayed in post_callback
setattr(context, 'randompassword', entry_attrs['userpassword'])
- if 'ipasshpubkey' in entry_attrs:
+ if 'ipasshpubkey' in entry_attrs or 'ipauserauthtype' in entry_attrs:
if 'objectclass' in entry_attrs:
obj_classes = entry_attrs['objectclass']
else:
(_dn, _entry_attrs) = ldap.get_entry(dn, ['objectclass'])
obj_classes = entry_attrs['objectclass'] = _entry_attrs['objectclass']
- if 'ipasshuser' not in obj_classes:
+ if 'ipasshpubkey' in entry_attrs and 'ipasshuser' not in obj_classes:
obj_classes.append('ipasshuser')
+ if 'ipauserauthtype' in entry_attrs and 'ipauserauthtype' not in obj_classes:
+ obj_classes.append('ipauserauthtypeclass')
return dn
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
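Review bot: The added guard `if 'ipauserauthtype' in entry_attrs and 'ipauserauthtype' not in obj_classes:` tests the attribute name against the object-class list, so the second half is effectively always true and `ipauserauthtypeclass` is appended even when the entry already carries it. A duplicated objectClass value is likely to make the LDAP modify fail, which would block later changes to a user's authentication types. Compare against the class name instead: `if 'ipauserauthtype' in entry_attrs and 'ipauserauthtypeclass' not in obj_classes:`. The membership tests here are also case-sensitive, which may matter if the server returns object classes in a different case than the literals. The enclosing pre_callback starts outside the hunk.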