From f42f1f44c81e15ac9ecbc6684cbc4dfc9395fd42 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Tue, 20 Nov 2007 22:45:29 -0500 Subject: Enable group inactivation by using the Class of Service plugin. This adds 2 new groups: activated and inactivated. If you, or a group you are a member of, is in inactivated then you are too. If you, or a group you are a member of, is in the activated group, then you are too. In a fight between activated and inactivated, activated wins. The DNs for doing this matching is case and white space sensitive. The goal is to never have to actually set nsAccountLock in a user directly but move them between these groups. We need to decide where in the CLI this will happen. Right it is split between ipa-deluser and ipa-usermod. To inactivate groups for now just add the group to inactivate or active. --- ipa-python/ipaclient.py | 24 ++++++++++++++++++++++-- ipa-python/rpcclient.py | 48 +++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 67 insertions(+), 5 deletions(-) (limited to 'ipa-python') diff --git a/ipa-python/ipaclient.py b/ipa-python/ipaclient.py index f8c70974..0eeb2f36 100644 --- a/ipa-python/ipaclient.py +++ b/ipa-python/ipaclient.py @@ -177,10 +177,16 @@ class IPAClient: return result - def mark_user_deleted(self,uid): + def mark_user_active(self,uid): + """Set a user as active by uid.""" + + result = self.transport.mark_user_active(uid) + return result + + def mark_user_inactive(self,uid): """Set a user as inactive by uid.""" - result = self.transport.mark_user_deleted(uid) + result = self.transport.mark_user_inactive(uid) return result # Groups support @@ -335,6 +341,20 @@ class IPAClient: entries.append(user.User(e)) return entries + + def mark_group_active(self,cn): + """Set a group as active by cn.""" + + result = self.transport.mark_group_active(cn) + return result + + def mark_group_inactive(self,cn): + """Set a group as inactive by cn.""" + + result = self.transport.mark_group_inactive(cn) + return result + +# Configuration def get_ipa_config(self): """Get the IPA configuration""" diff --git a/ipa-python/rpcclient.py b/ipa-python/rpcclient.py index c4ca2ff3..d4c3dcc8 100644 --- a/ipa-python/rpcclient.py +++ b/ipa-python/rpcclient.py @@ -318,12 +318,12 @@ class RPCClient: return result - def mark_user_deleted(self,uid): - """Mark a user as deleted/inactive""" + def mark_user_active(self,uid): + """Mark a user as active""" server = self.setup_server() try: - result = server.mark_user_deleted(uid) + result = server.mark_user_active(uid) except xmlrpclib.Fault, fault: raise ipaerror.gen_exception(fault.faultCode, fault.faultString) except socket.error, (value, msg): @@ -331,6 +331,20 @@ class RPCClient: return ipautil.unwrap_binary_data(result) + def mark_user_inactive(self,uid): + """Mark a user as inactive""" + server = self.setup_server() + + try: + result = server.mark_user_inactive(uid) + except xmlrpclib.Fault, fault: + raise ipaerror.gen_exception(fault.faultCode, fault.faultString) + except socket.error, (value, msg): + raise xmlrpclib.Fault(value, msg) + + return ipautil.unwrap_binary_data(result) + + # Group support def get_groups_by_member(self,member_dn,sattrs=None): @@ -601,6 +615,34 @@ class RPCClient: return ipautil.unwrap_binary_data(result) + def mark_group_active(self,cn): + """Mark a group as active""" + server = self.setup_server() + + try: + result = server.mark_group_active(cn) + except xmlrpclib.Fault, fault: + raise ipaerror.gen_exception(fault.faultCode, fault.faultString) + except socket.error, (value, msg): + raise xmlrpclib.Fault(value, msg) + + return ipautil.unwrap_binary_data(result) + + def mark_group_inactive(self,cn): + """Mark a group as inactive""" + server = self.setup_server() + + try: + result = server.mark_group_inactive(cn) + except xmlrpclib.Fault, fault: + raise ipaerror.gen_exception(fault.faultCode, fault.faultString) + except socket.error, (value, msg): + raise xmlrpclib.Fault(value, msg) + + return ipautil.unwrap_binary_data(result) + +# Configuration support + def get_ipa_config(self): """Get the IPA configuration""" server = self.setup_server() -- cgit