From ed6ab17c9c703edb43c92a3205c5536771ce4d4f Mon Sep 17 00:00:00 2001 From: "rcritten@redhat.com" Date: Tue, 11 Sep 2007 02:48:53 -0400 Subject: Add function to allow user's to set/reset their kerberos password Remove some unused calls to retrieve the current realm --- ipa-python/ipaclient.py | 17 +++++++---------- ipa-python/rpcclient.py | 16 ++++++++++++++++ 2 files changed, 23 insertions(+), 10 deletions(-) (limited to 'ipa-python') diff --git a/ipa-python/ipaclient.py b/ipa-python/ipaclient.py index fcfb29f1..86f4471b 100644 --- a/ipa-python/ipaclient.py +++ b/ipa-python/ipaclient.py @@ -65,8 +65,6 @@ class IPAClient: def add_user(self,user,user_container=None): """Add a user. user is a ipa.user.User object""" - realm = config.config.get_realm() - user_dict = user.toDict() # dn is set on the server-side @@ -110,24 +108,25 @@ class IPAClient: def update_user(self,user): """Update a user entry.""" - realm = config.config.get_realm() - result = self.transport.update_user(user.origDataDict(), user.toDict()) return result def delete_user(self,uid): """Delete a user entry.""" - realm = config.config.get_realm() - result = self.transport.delete_user(uid) return result + def modifyPassword(self,uid,oldpass,newpass): + """Modify a user's password""" + + result = self.transport.modifyPassword(uid,oldpass,newpass) + + return result + def mark_user_deleted(self,uid): """Set a user as inactive by uid.""" - realm = config.config.get_realm() - result = self.transport.mark_user_deleted(uid) return result @@ -150,8 +149,6 @@ class IPAClient: def add_group(self,group,group_container=None): """Add a group. group is a ipa.group.Group object""" - realm = config.config.get_realm() - group_dict = group.toDict() # dn is set on the server-side diff --git a/ipa-python/rpcclient.py b/ipa-python/rpcclient.py index e0d6e2ee..bbf2745e 100644 --- a/ipa-python/rpcclient.py +++ b/ipa-python/rpcclient.py @@ -195,6 +195,22 @@ class RPCClient: return result + def modifyPassword(self,uid,oldpass,newpass): + """Modify a user's password""" + server = self.setup_server() + + if oldpass is None: + oldpass = "__NONE__" + + try: + result = server.modifyPassword(uid,oldpass,newpass) + except xmlrpclib.Fault, fault: + raise ipaerror.gen_exception(fault.faultCode, fault.faultString) + except socket.error, (value, msg): + raise xmlrpclib.Fault(value, msg) + + return result + def mark_user_deleted(self,uid): """Mark a user as deleted/inactive""" server = self.setup_server() -- cgit From b85668579ec3fc69c2ed709533f8bd8d00e0e7e9 Mon Sep 17 00:00:00 2001 From: "rcritten@redhat.com" Date: Fri, 14 Sep 2007 17:19:02 -0400 Subject: Use ticket forwarding with TurboGears. mod_proxy forwards the principal name and location of the keytab. In order for this keytab to be usable TurboGears and Apache will need to run as the same user. We will also need to listen only on localhost in TG. --- ipa-python/ipaclient.py | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'ipa-python') diff --git a/ipa-python/ipaclient.py b/ipa-python/ipaclient.py index 86f4471b..7095aac1 100644 --- a/ipa-python/ipaclient.py +++ b/ipa-python/ipaclient.py @@ -47,6 +47,12 @@ class IPAClient: if self.local: self.transport.set_principal(princ) + def set_krbccache(self,krbccache): + """Set the file location of the Kerberos credentials cache to be used + for LDAP authentication""" + if self.local: + self.transport.set_krbccache(krbccache) + # User support def get_user_by_uid(self,uid,sattrs=None): """Get a specific user by uid. If sattrs is set then only those -- cgit From 6b3d1e85da1397324fa7e8dc25706129ff8ed6fc Mon Sep 17 00:00:00 2001 From: Kevin McCarthy Date: Tue, 18 Sep 2007 14:58:30 -0700 Subject: Add client-side search limit parameter for user search. Limit editgroup user ajax search. Minor UI cleanup for editgroup. --- ipa-python/ipaclient.py | 4 ++-- ipa-python/rpcclient.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'ipa-python') diff --git a/ipa-python/ipaclient.py b/ipa-python/ipaclient.py index fcfb29f1..4e293b01 100644 --- a/ipa-python/ipaclient.py +++ b/ipa-python/ipaclient.py @@ -93,11 +93,11 @@ class IPAClient: result = self.transport.get_add_schema() return result - def find_users(self, criteria, sattrs=None): + def find_users(self, criteria, sattrs=None, searchlimit=0): """Return a list: counter followed by a User object for each user that matches the criteria. If the results are truncated, counter will be set to -1""" - result = self.transport.find_users(criteria, sattrs) + result = self.transport.find_users(criteria, sattrs, searchlimit) counter = result[0] users = [counter] diff --git a/ipa-python/rpcclient.py b/ipa-python/rpcclient.py index e0d6e2ee..96c8976c 100644 --- a/ipa-python/rpcclient.py +++ b/ipa-python/rpcclient.py @@ -150,7 +150,7 @@ class RPCClient: return ipautil.unwrap_binary_data(result) - def find_users (self, criteria, sattrs=None): + def find_users (self, criteria, sattrs=None, searchlimit=0): """Return a list: counter followed by a User object for each user that matches the criteria. If the results are truncated, counter will be set to -1""" @@ -160,7 +160,7 @@ class RPCClient: # None values are not allowed in XML-RPC if sattrs is None: sattrs = "__NONE__" - result = server.find_users(criteria, sattrs) + result = server.find_users(criteria, sattrs, searchlimit) except xmlrpclib.Fault, fault: raise ipaerror.gen_exception(fault.faultCode, fault.faultString) except socket.error, (value, msg): -- cgit From f17071533a73c5e989ead1b243de5397d36a38d3 Mon Sep 17 00:00:00 2001 From: Kevin McCarthy Date: Wed, 19 Sep 2007 08:42:34 -0700 Subject: Implement asynchronous search for groups. Use the filter generation code to search on multiple fields. --- ipa-python/ipaclient.py | 9 +++++---- ipa-python/rpcclient.py | 4 ++-- 2 files changed, 7 insertions(+), 6 deletions(-) (limited to 'ipa-python') diff --git a/ipa-python/ipaclient.py b/ipa-python/ipaclient.py index 4e293b01..63537f26 100644 --- a/ipa-python/ipaclient.py +++ b/ipa-python/ipaclient.py @@ -161,13 +161,14 @@ class IPAClient: result = self.transport.add_group(group_dict, group_container) return result - def find_groups(self, criteria, sattrs=None): + def find_groups(self, criteria, sattrs=None, searchlimit=0): """Find groups whose cn matches the criteria. Wildcards are acceptable. Returns a list of Group objects.""" - result = self.transport.find_groups(criteria, sattrs) + result = self.transport.find_groups(criteria, sattrs, searchlimit) + counter = result[0] - groups = [] - for attrs in result: + groups = [counter] + for attrs in result[1:]: if attrs is not None: groups.append(group.Group(attrs)) diff --git a/ipa-python/rpcclient.py b/ipa-python/rpcclient.py index 96c8976c..9e51e981 100644 --- a/ipa-python/rpcclient.py +++ b/ipa-python/rpcclient.py @@ -259,7 +259,7 @@ class RPCClient: except socket.error, (value, msg): raise xmlrpclib.Fault(value, msg) - def find_groups (self, criteria, sattrs=None): + def find_groups (self, criteria, sattrs=None, searchlimit=0): """Return a list containing a Group object for each group that matches the criteria.""" @@ -268,7 +268,7 @@ class RPCClient: # None values are not allowed in XML-RPC if sattrs is None: sattrs = "__NONE__" - result = server.find_groups(criteria, sattrs) + result = server.find_groups(criteria, sattrs, searchlimit) except xmlrpclib.Fault, fault: raise ipaerror.gen_exception(fault.faultCode, fault.faultString) except socket.error, (value, msg): -- cgit