Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/f_host.py | 23 | ||||
-rw-r--r-- | ipalib/plugins/f_passwd.py | 2 | ||||
-rw-r--r-- | ipalib/plugins/f_service.py | 10 |
3 files changed, 28 insertions, 7 deletions
diff --git a/ipalib/plugins/f_host.py b/ipalib/plugins/f_host.py index da281548..4f4f7204 100644 --- a/ipalib/plugins/f_host.py +++ b/ipalib/plugins/f_host.py @@ -103,6 +103,9 @@ class host_add(crud.Add): The dn should not be passed as a keyword argument as it is constructed by this method. + If password is set then this is considered a 'bulk' host so we + do not create a kerberos service principal. + Returns the entry as it will be created in LDAP. :param hostname: The name of the host being added. 
@@ -110,27 +113,39 @@ class host_add(crud.Add): """ assert 'cn' not in kw assert 'dn' not in kw + assert 'krbprincipalname' not in kw ldap = self.api.Backend.ldap kw['cn'] = hostname kw['serverhostname'] = hostname.split('.',1)[0] kw['dn'] = ldap.make_host_dn(hostname) - kw['krbPrincipalName'] = "host/%s@%s" % (hostname, self.api.env.realm) # FIXME: do a DNS lookup to ensure host exists current = util.get_current_principal() if not current: raise errors.NotFound('Unable to determine current user') - kw['enrolledBy'] = ldap.find_entry_dn("krbPrincipalName", current, "person") + kw['enrolledby'] = ldap.find_entry_dn("krbPrincipalName", current, "posixAccount") # Get our configuration config = ldap.get_ipa_config() # some required objectclasses # FIXME: add this attribute to cn=ipaconfig - #kw['objectClass'] = config.get('ipahostobjectclasses') - kw['objectClass'] = ['nsHost', 'krbPrincipalAux', 'ipaHost'] + #kw['objectclass'] = config.get('ipahostobjectclasses') + kw['objectclass'] = ['nsHost', 'ipaHost'] + + # Ensure the list of objectclasses is lower-case + kw['objectclass'] = map(lambda z: z.lower(), kw.get('objectclass')) + + if not kw.get('userpassword', False): + kw['krbprincipalname'] = "host/%s@%s" % (hostname, self.api.env.realm) + + if 'krbprincipalaux' not in kw.get('objectclass'): + kw['objectclass'].append('krbprincipalaux') + else: + if 'krbprincipalaux' in kw.get('objectclass'): + kw['objectclass'].remove('krbprincipalaux') return ldap.create(**kw) def output_for_cli(self, ret): diff --git a/ipalib/plugins/f_passwd.py b/ipalib/plugins/f_passwd.py index f70eacac..7b424a3b 100644 --- a/ipalib/plugins/f_passwd.py +++ b/ipalib/plugins/f_passwd.py @@ -60,7 +60,7 @@ class passwd(frontend.Command): else: principal = principal - dn = ldap.find_entry_dn("krbprincipalname", principal, "person") + dn = ldap.find_entry_dn("krbprincipalname", principal, "posixAccount") # FIXME: we need a way to prompt for passwords using getpass kw['newpass'] = "password" 
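Review bot: The new guard `assert 'krbprincipalname' not in kw` in host_add is case-sensitive, and as an assert it disappears under `python -O`, so it is weaker than it looks. LDAP attribute names are case-insensitive and the removed line used the key `krbPrincipalName`; a caller passing that spelling would get past the check, and on the password ('bulk') branch the value would reach `ldap.create(**kw)` even though `krbprincipalaux` is deliberately left out. Unless the framework already lower-cases keys before this method runs, compare case-insensitively, e.g. `if any(k.lower() == 'krbprincipalname' for k in kw):`, and raise an explicit error there. The `else:` branch that removes `krbprincipalaux` cannot fire while `objectclass` is the hard-coded two-item list, so a comment saying it is kept for the planned `ipahostobjectclasses` setting would help. The method starts above this hunk.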
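Review bot: The objectclass used to recognise a user changes from `person` to `posixAccount` with no comment on why, and the literal is now repeated in three places: here, in the `enrolledby` lookup in f_host.py, and in the `service_find` filter in f_service.py. As far as these lines show, an entry that has a Kerberos principal and `person` but not `posixAccount` would no longer be found by `passwd` and would start to appear in `service_find` results, so it is worth confirming that no such entries exist. A shared constant with a one-line comment, for example `# users are identified by posixAccount; hosts and services never carry it`, would keep the three places in step. The enclosing method starts and ends outside this hunk.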
diff --git a/ipalib/plugins/f_service.py b/ipalib/plugins/f_service.py index 38c80ad2..9e9cec53 100644 --- a/ipalib/plugins/f_service.py +++ b/ipalib/plugins/f_service.py @@ -110,7 +110,7 @@ class service_add(crud.Add): def output_to_cli(self, ret): if ret: - print "Service added" + print "Service added" api.register(service_add) @@ -146,7 +146,7 @@ class service_find(crud.Find): def execute(self, principal, **kw): ldap = self.api.Backend.ldap - kw['filter'] = "&(objectclass=krbPrincipalAux)(!(objectClass=person))(!(|(krbprincipalname=kadmin/*)(krbprincipalname=K/M@*)(krbprincipalname=krbtgt/*)))" + kw['filter'] = "&(objectclass=krbPrincipalAux)(!(objectClass=posixAccount))(!(|(krbprincipalname=kadmin/*)(krbprincipalname=K/M@*)(krbprincipalname=krbtgt/*)))" kw['krbprincipalname'] = principal object_type = ldap.get_object_type("krbprincipalname") @@ -193,5 +193,11 @@ class service_show(crud.Get): dn = ldap.find_entry_dn("krbprincipalname", principal) # FIXME: should kw contain the list of attributes to display? return ldap.retrieve(dn) + def output_for_cli(self, service): + if not service: + return + + for a in service.keys(): + print "%s: %s" % (a, service[a]) api.register(service_show) |
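Review bot: The new `output_for_cli` in service_show prints every attribute that `ldap.retrieve(dn)` returns, and nothing visible here limits which attributes those are; the FIXME just above it asks the same question. If the backend returns key or password material for a principal entry, for example `krbPrincipalKey` or `userPassword`, it would be written to the terminal, so restricting the loop to an explicit list of display attributes is safer. The method also has no docstring; `"""Print each attribute of the service entry, one per line."""` would do. `for a in service.keys():` reads better as `for attr, value in service.items():`.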