Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/dsinstance.py | 3 | ||||
-rw-r--r-- | ipaserver/install/plugins/update_anonymous_aci.py | 25 |
2 files changed, 20 insertions, 8 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 3b841417..046480f0 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -411,7 +411,8 @@ class DsInstance(service.Service):
  "60basev3.ldif",
  "60ipadns.ldif",
  "61kerberos-ipav3.ldif",
- "65ipasudo.ldif"):
+ "65ipasudo.ldif",
+ "70ipaotp.ldif"):
  target_fname = schema_dirname(self.serverid) + schema_fname
  shutil.copyfile(ipautil.SHARE_DIR + schema_fname, target_fname)
  os.chmod(target_fname, 0440) # read access for dirsrv user/group
diff --git a/ipaserver/install/plugins/update_anonymous_aci.py b/ipaserver/install/plugins/update_anonymous_aci.py
index 2b7446ad..1e75113f 100644
--- a/ipaserver/install/plugins/update_anonymous_aci.py
+++ b/ipaserver/install/plugins/update_anonymous_aci.py
@@ -20,8 +20,6 @@
 from copy import deepcopy
 from ipaserver.install.plugins import FIRST, LAST
 from ipaserver.install.plugins.baseupdate import PostUpdate
-#from ipalib.frontend import Updater
-#from ipaserver.install.plugins import baseupdate
 from ipalib import api
 from ipalib.aci import ACI
 from ipalib.plugins import aci
@@ -37,6 +35,8 @@ class update_anonymous_aci(PostUpdate):
  aciname = u'Enable Anonymous access'
  aciprefix = u'none'
  ldap = self.obj.backend
+ targetfilter = '(&(!(objectClass=ipaToken))(!(objectClass=ipatokenTOTP))(!(objectClass=ipatokenRadiusProxyUser))(!(objectClass=ipatokenRadiusConfiguration)))'
+ filter = None
  (dn, entry_attrs) = ldap.get_entry(api.env.basedn, ['aci'])
@@ -45,6 +45,9 @@ class update_anonymous_aci(PostUpdate):
  rawaci = aci._find_aci_by_name(acilist, aciprefix, aciname)
  attrs = rawaci.target['targetattr']['expression']
+ rawfilter = rawaci.target.get('targetfilter', None)
+ if rawfilter is not None:
+ filter = rawfilter['expression']
  update_attrs = deepcopy(attrs)
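Review bot: The `targetfilter` string added in the `@@ -37,6 +35,8 @@` hunk is a hard-coded denylist of four object classes, with nothing tying it to the `70ipaotp.ldif` schema file that the dsinstance.py hunk installs. If a token-related object class is later added to the schema but not to this string, entries of that class would presumably stay covered by the 'Enable Anonymous access' ACI. I would put a comment above the assignment, `# Must list every token objectClass from 70ipaotp.ldif; a class omitted here stays readable through the anonymous ACI`, and break the literal across lines so each clause can be reviewed on its own. The new local `filter` also shadows the Python builtin; a name such as `current_filter` avoids that. The enclosing method starts and ends outside the hunk.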
@@ -54,12 +57,10 @@ class update_anonymous_aci(PostUpdate):
  needed_attrs.append(attr)
  update_attrs.extend(needed_attrs)
- if len(attrs) == len(update_attrs):
+ if (len(attrs) == len(update_attrs) and
+ filter == targetfilter):
  root_logger.debug("Anonymous ACI already update-to-date")
  return (False, False, [])
- else:
- root_logger.debug("New Anonymous ACI attributes needed: %s",
- needed_attrs)
  for tmpaci in acistrs:
  candidate = ACI(tmpaci)
@@ -67,7 +68,17 @@ class update_anonymous_aci(PostUpdate):
  acistrs.remove(tmpaci)
  break
- rawaci.target['targetattr']['expression'] = update_attrs
+ if len(attrs) != len(update_attrs):
+ root_logger.debug("New Anonymous ACI attributes needed: %s",
+ needed_attrs)
+
+ rawaci.target['targetattr']['expression'] = update_attrs
+
+ if filter != targetfilter:
+ root_logger.debug("New Anonymous ACI targetfilter needed.")
+
+ rawaci.set_target_filter(targetfilter)
+
  acistrs.append(unicode(rawaci))
  entry_attrs['aci'] = acistrs
|
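Review bot: In the `@@ -67,7 +68,17 @@` hunk, `rawaci.set_target_filter(targetfilter)` runs whenever the stored filter is not an exact string match for the hard-coded one (the `filter == targetfilter` test in the `@@ -54,12 +57,10 @@` hunk). A filter that an administrator has tightened with extra exclusions would therefore apparently be replaced by the default, and one that differs only in spacing or clause order is also treated as out of date. The debug message does not record what was replaced; `root_logger.debug("Replacing Anonymous ACI targetfilter %r with %r", filter, targetfilter)` would leave a trace for later review. Checking that each required `(!(objectClass=...))` clause is present, rather than comparing whole strings, would keep local hardening intact. How `set_target_filter` treats an existing filter is not visible on this page, so that should be confirmed against `ipalib.aci`.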