From 1967aafa3985fa87e02ae372164abe2524d9bd65 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Fri, 16 Nov 2007 12:59:32 -0500 Subject: Implement the password policy UI and finish IPA policy UI This includes a default password policy Custom fields are now read from LDAP. The format is a list of dicts with keys: label, field, required. The LDAP-based configuration now specifies: ipaUserSearchFields: uid,givenName,sn,telephoneNumber,ou,title ipaGroupSearchFields: cn,description ipaSearchTimeLimit: 2 ipaSearchRecordsLimit: 0 ipaCustomFields: ipaHomesRootDir: /home ipaDefaultLoginShell: /bin/sh ipaDefaultPrimaryGroup: ipausers ipaMaxUsernameLength: 8 ipaPwdExpAdvNotify: 4 This could use some optimization.
---
 ipa-python/ipaclient.py | 38 ++++++++++++++++++++++++++++++++++---- 1 file changed, 34 insertions(+), 4 deletions(-) (limited to 'ipa-python/ipaclient.py')
diff --git a/ipa-python/ipaclient.py b/ipa-python/ipaclient.py
index 659ff995..f8c70974 100644
--- a/ipa-python/ipaclient.py
+++ b/ipa-python/ipaclient.py
@@ -134,10 +134,14 @@ class IPAClient:
 return all_users
- def get_add_schema(self):
- """Prototype for the GUI. Specify in the directory fields to
- be displayed and what data to get for new users."""
- result = self.transport.get_add_schema()
+ def get_custom_fields(self):
+ """Get custom user fields"""
+ result = self.transport.get_custom_fields()
+ return result
+
+ def set_custom_fields(self, schema):
+ """Set custom user fields"""
+ result = self.transport.set_custom_fields(schema)
 return result
 def find_users(self, criteria, sattrs=None, searchlimit=0, timelimit=-1):
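Review bot: `set_custom_fields` hands `schema` to the transport unchecked, and its docstring does not say what shape is expected, although the commit description fixes it as a list of dicts with the keys label, field and required. The value is stored in LDAP and presumably read back by the UI later, so a malformed entry written here would surface far from its cause. I would document the contract, e.g. `"""Set custom user fields. schema is a list of dicts with the keys label, field and required."""`, and reject anything else before the call. Separately, `get_add_schema` is dropped without an alias, so callers outside this hunk need to have been updated in the same change.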
@@ -331,3 +335,29 @@ class IPAClient:
 entries.append(user.User(e))
 return entries
+
+ def get_ipa_config(self):
+ """Get the IPA configuration"""
+ result = self.transport.get_ipa_config()
+ return entity.Entity(result)
+
+ def update_ipa_config(self, config):
+ """Updates the IPA configuration.
+
+ config is an Entity object.
+ """
+ result = self.transport.update_ipa_config(config.origDataDict(), config.toDict())
+ return result
+
+ def get_password_policy(self):
+ """Get the IPA password policy"""
+ result = self.transport.get_password_policy()
+ return entity.Entity(result)
+
+ def update_password_policy(self, policy):
+ """Updates the IPA password policy.
+
+ policy is an Entity object.
+ """
+ result = self.transport.update_password_policy(policy.origDataDict(), policy.toDict())
+ return result
-- cgit
From f42f1f44c81e15ac9ecbc6684cbc4dfc9395fd42 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Tue, 20 Nov 2007 22:45:29 -0500 Subject: Enable group inactivation by using the Class of Service plugin. This adds 2 new groups: activated and inactivated. If you, or a group you are a member of, is in inactivated then you are too. If you, or a group you are a member of, is in the activated group, then you are too. In a fight between activated and inactivated, activated wins. The DNs for doing this matching is case and white space sensitive. The goal is to never have to actually set nsAccountLock in a user directly but move them between these groups. We need to decide where in the CLI this will happen. Right it is split between ipa-deluser and ipa-usermod. To inactivate groups for now just add the group to inactivate or active.
---
 ipa-python/ipaclient.py | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) (limited to 'ipa-python/ipaclient.py')
diff --git a/ipa-python/ipaclient.py b/ipa-python/ipaclient.py
index f8c70974..0eeb2f36 100644
--- a/ipa-python/ipaclient.py
+++ b/ipa-python/ipaclient.py
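Review bot: The docstrings of `update_ipa_config` and `update_password_policy` say only that the argument is an Entity, but both calls send `origDataDict()` together with `toDict()`, so the outcome presumably depends on the Entity still carrying the values last read from the server. I would state that, e.g. `"""Update the IPA password policy. policy should be the Entity returned by get_password_policy() with the changed values set on it."""`, and say what `result` is on success and how a rejected update is reported, which the hunk does not show. These two methods change directory-wide security settings, so the check on who may call them has to sit on the server side of `transport`; nothing in this client code can enforce it.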
@@ -177,10 +177,16 @@ class IPAClient:
 return result
- def mark_user_deleted(self,uid):
+ def mark_user_active(self,uid):
+ """Set a user as active by uid."""
+
+ result = self.transport.mark_user_active(uid)
+ return result
+
+ def mark_user_inactive(self,uid):
 """Set a user as inactive by uid."""
- result = self.transport.mark_user_deleted(uid)
+ result = self.transport.mark_user_inactive(uid)
 return result
 # Groups support
@@ -335,6 +341,20 @@ class IPAClient:
 entries.append(user.User(e))
 return entries
+
+ def mark_group_active(self,cn):
+ """Set a group as active by cn."""
+
+ result = self.transport.mark_group_active(cn)
+ return result
+
+ def mark_group_inactive(self,cn):
+ """Set a group as inactive by cn."""
+
+ result = self.transport.mark_group_inactive(cn)
+ return result
+
+# Configuration
 def get_ipa_config(self):
 """Get the IPA configuration"""
-- cgit
From bf743087d25e170091dc507fa087d012b64b1468 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Wed, 21 Nov 2007 00:29:03 -0500 Subject: Fix indentation error that occured in merge
---
 ipa-python/ipaclient.py | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'ipa-python/ipaclient.py')
diff --git a/ipa-python/ipaclient.py b/ipa-python/ipaclient.py
index 0eeb2f36..cda8ceb9 100644
--- a/ipa-python/ipaclient.py
+++ b/ipa-python/ipaclient.py
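Review bot: The docstring `"""Set a user as inactive by uid."""` on `mark_user_inactive` promises more than the scheme in the commit description delivers: activated wins over inactivated, so a user who is in the activated group, directly or through a group, stays enabled after this call returns. As far as this hunk shows, a caller using it to lock an account out would not learn that from the return value. I would spell it out, e.g. `"""Mark a user inactive by uid. The account stays enabled if the user, or a group the user belongs to, is in the activated group."""`, and do the same for `mark_group_inactive` in the second hunk. `mark_user_deleted` is also removed without an alias, so any caller not updated in this commit will fail on the missing attribute.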
@@ -342,17 +342,17 @@ class IPAClient:
 return entries
- def mark_group_active(self,cn):
- """Set a group as active by cn."""
-
- result = self.transport.mark_group_active(cn)
- return result
-
- def mark_group_inactive(self,cn):
- """Set a group as inactive by cn."""
-
- result = self.transport.mark_group_inactive(cn)
- return result
+ def mark_group_active(self,cn):
+ """Set a group as active by cn."""
+
+ result = self.transport.mark_group_active(cn)
+ return result
+
+ def mark_group_inactive(self,cn):
+ """Set a group as inactive by cn."""
+
+ result = self.transport.mark_group_inactive(cn)
+ return result
 # Configuration
-- cgit
From edc7af1446af451ea5ed44420cceb05059a7b973 Mon Sep 17 00:00:00 2001 From: Karl MacMillan Date: Wed, 21 Nov 2007 23:28:25 -0500 Subject: Add xml-rpc interface for getting keytabs. Warning: this lacks any sort of authorization.
---
 ipa-python/ipaclient.py | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'ipa-python/ipaclient.py')
diff --git a/ipa-python/ipaclient.py b/ipa-python/ipaclient.py
index cda8ceb9..c551f043 100644
--- a/ipa-python/ipaclient.py
+++ b/ipa-python/ipaclient.py
@@ -381,3 +381,10 @@ class IPAClient:
 """
 result = self.transport.update_password_policy(policy.origDataDict(), policy.toDict())
 return result
+
+ def add_service_principal(self, princ_name):
+ return self.transport.add_service_principal(princ_name)
+
+ def get_keytab(self, princ_name):
+ return self.transport.get_keytab(princ_name)
+
-- cgit
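Review bot: `add_service_principal` and `get_keytab` in the last hunk are the only methods in this series added without a docstring, and `get_keytab` returns a principal's long-term Kerberos keys for whatever `princ_name` the caller supplies. The commit description itself says the interface lacks authorization; that gap should be visible in the code as well, not only in the log. I would add `"""Return the keytab for princ_name. The result is secret key material; do not log it or write it to a world-readable file."""` and a `# TODO: server side performs no authorization check yet` comment above both methods. The feature should stay out of a release until the server restricts which callers may fetch which principal's keys.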