From d9194cdd098f24f85443cda3dbda730172d6234a Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Fri, 9 Nov 2007 14:55:41 -0500 Subject: Don't continue if a kerberos credentials cache is not available forked-model detection was incorrect. Both of these return an error instead of raising one --- ipa-server/xmlrpc-server/ipaxmlrpc.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'ipa-server/xmlrpc-server/ipaxmlrpc.py') diff --git a/ipa-server/xmlrpc-server/ipaxmlrpc.py b/ipa-server/xmlrpc-server/ipaxmlrpc.py index 6aaad117..86f5fda0 100644 --- a/ipa-server/xmlrpc-server/ipaxmlrpc.py +++ b/ipa-server/xmlrpc-server/ipaxmlrpc.py @@ -141,8 +141,8 @@ class ModXMLRPCRequestHandler(object): if req.subprocess_env.get("KRB5CCNAME") is not None: opts['krbccache'] = req.subprocess_env.get("KRB5CCNAME") else: - sys.stderr.write("IPA: did not receive a Kerberos credentials cache. Expect problems") - sys.stderr.flush() + response = dumps(Fault(5, "Did not receive Kerberos credentials.")) + return response if pythonopts.get("IPADebug"): opts['ipadebug'] = pythonopts.get("IPADebug") 
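Review bot: The early return in the `else:` branch drops the only server-side trace of a request that arrives without `KRB5CCNAME`: both `sys.stderr` lines are removed and nothing replaces them, so a misconfigured authentication module or repeated unauthenticated calls would be visible only to the client. Keeping one line before the fault is built, e.g. `sys.stderr.write("IPA: rejected request, no Kerberos credentials cache\n")` followed by `sys.stderr.flush()`, preserves that signal in the server's error output. The same applies to the threaded-MPM fault in the `handle_request` hunk (`@@ -277,17 +277,17 @@`), which is now returned to the client without being logged. The guard also tests `is not None`, so an empty `KRB5CCNAME` would still be accepted; a truthiness test, `if req.subprocess_env.get("KRB5CCNAME"):`, would reject that case as well. The enclosing method starts and ends outside the hunk.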
@@ -277,17 +277,17 @@ class ModXMLRPCRequestHandler(object): def handle_request(self,req): """Handle a single XML-RPC request""" - # The LDAP connection pool is not thread-safe. Avoid problems and - # force the forked model for now. - if not apache.mpm_query(apache.AP_MPMQ_IS_FORKED): - raise Fault(3, "Apache must use the forked model") - # XMLRPC uses POST only. Reject anything else if req.method != 'POST': req.allow_methods(['POST'],1) raise apache.SERVER_RETURN, apache.HTTP_METHOD_NOT_ALLOWED - response = self._marshaled_dispatch(req.read(), req) + # The LDAP connection pool is not thread-safe. Avoid problems and + # force the forked model for now. + if apache.mpm_query(apache.AP_MPMQ_IS_THREADED): + response = dumps(Fault(3, "Apache must use the forked model")) + else: + response = self._marshaled_dispatch(req.read(), req) req.content_type = "text/xml" req.set_content_length(len(response)) -- cgit From 1967aafa3985fa87e02ae372164abe2524d9bd65 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Fri, 16 Nov 2007 12:59:32 -0500 Subject: Implement the password policy UI and finish IPA policy UI This includes a default password policy Custom fields are now read from LDAP. The format is a list of dicts with keys: label, field, required. The LDAP-based configuration now specifies: ipaUserSearchFields: uid,givenName,sn,telephoneNumber,ou,title ipaGroupSearchFields: cn,description ipaSearchTimeLimit: 2 ipaSearchRecordsLimit: 0 ipaCustomFields: ipaHomesRootDir: /home ipaDefaultLoginShell: /bin/sh ipaDefaultPrimaryGroup: ipausers ipaMaxUsernameLength: 8 ipaPwdExpAdvNotify: 4 This could use some optimization. --- ipa-server/xmlrpc-server/ipaxmlrpc.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'ipa-server/xmlrpc-server/ipaxmlrpc.py') diff --git a/ipa-server/xmlrpc-server/ipaxmlrpc.py b/ipa-server/xmlrpc-server/ipaxmlrpc.py index 86f5fda0..23bdcec1 100644 --- a/ipa-server/xmlrpc-server/ipaxmlrpc.py +++ b/ipa-server/xmlrpc-server/ipaxmlrpc.py 
@@ -326,7 +326,8 @@ def handler(req, profiling=False):
 h.register_function(f.get_user_by_email)
 h.register_function(f.get_users_by_manager)
 h.register_function(f.add_user)
- h.register_function(f.get_add_schema)
+ h.register_function(f.get_custom_fields)
+ h.register_function(f.set_custom_fields)
 h.register_function(f.get_all_users)
 h.register_function(f.find_users)
 h.register_function(f.update_user)
@@ -351,6 +352,10 @@ def handler(req, profiling=False):
 h.register_function(f.delete_group)
 h.register_function(f.attrs_to_labels)
 h.register_function(f.group_members)
+ h.register_function(f.get_ipa_config)
+ h.register_function(f.update_ipa_config)
+ h.register_function(f.get_password_policy)
+ h.register_function(f.update_password_policy)
 h.handle_request(req)
 finally:
 pass
-- cgit
From f42f1f44c81e15ac9ecbc6684cbc4dfc9395fd42 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Tue, 20 Nov 2007 22:45:29 -0500
Subject: Enable group inactivation by using the Class of Service plugin. This adds 2 new groups: activated and inactivated. If you, or a group you are a member of, is in inactivated then you are too. If you, or a group you are a member of, is in the activated group, then you are too. In a fight between activated and inactivated, activated wins. The DNs for doing this matching is case and white space sensitive. The goal is to never have to actually set nsAccountLock in a user directly but move them between these groups. We need to decide where in the CLI this will happen. Right it is split between ipa-deluser and ipa-usermod. To inactivate groups for now just add the group to inactivate or active.
---
 ipa-server/xmlrpc-server/ipaxmlrpc.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'ipa-server/xmlrpc-server/ipaxmlrpc.py')
diff --git a/ipa-server/xmlrpc-server/ipaxmlrpc.py b/ipa-server/xmlrpc-server/ipaxmlrpc.py
index 23bdcec1..789233c9 100644
--- a/ipa-server/xmlrpc-server/ipaxmlrpc.py
+++ b/ipa-server/xmlrpc-server/ipaxmlrpc.py
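Review bot: In `handler()`, the writers `set_custom_fields`, `update_ipa_config` and `update_password_policy` are registered next to the read-only calls with nothing at this layer that says who may invoke them; each `h.register_function(...)` is unconditional for every request that reaches `h.handle_request(req)`. If access control is meant to be enforced by the directory server under the caller's delegated credentials, that should be stated where the writers are registered, e.g. `# Writers below change server-wide config/policy; access is enforced by the directory server under the caller's credentials, not here`. If it is not enforced there, these three need a check before they are exposed. The same question applies to the `mark_user_*` and `mark_group_*` registrations in the later hunk `@@ -332,7 +332,10 @@`. All of these hunks sit inside `handler()`, whose body starts outside them.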
@@ -332,7 +332,10 @@ def handler(req, profiling=False):
 h.register_function(f.find_users)
 h.register_function(f.update_user)
 h.register_function(f.delete_user)
- h.register_function(f.mark_user_deleted)
+ h.register_function(f.mark_user_active)
+ h.register_function(f.mark_user_inactive)
+ h.register_function(f.mark_group_active)
+ h.register_function(f.mark_group_inactive)
 h.register_function(f.modifyPassword)
 h.register_function(f.get_groups_by_member)
 h.register_function(f.add_group)
-- cgit
From edc7af1446af451ea5ed44420cceb05059a7b973 Mon Sep 17 00:00:00 2001
From: Karl MacMillan
Date: Wed, 21 Nov 2007 23:28:25 -0500
Subject: Add xml-rpc interface for getting keytabs. Warning: this lacks any sort of authorization.
---
 ipa-server/xmlrpc-server/ipaxmlrpc.py | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'ipa-server/xmlrpc-server/ipaxmlrpc.py')
diff --git a/ipa-server/xmlrpc-server/ipaxmlrpc.py b/ipa-server/xmlrpc-server/ipaxmlrpc.py
index 789233c9..c6f0ec2c 100644
--- a/ipa-server/xmlrpc-server/ipaxmlrpc.py
+++ b/ipa-server/xmlrpc-server/ipaxmlrpc.py
@@ -359,6 +359,8 @@ def handler(req, profiling=False):
 h.register_function(f.update_ipa_config)
 h.register_function(f.get_password_policy)
 h.register_function(f.update_password_policy)
+ h.register_function(f.add_service_principal)
+ h.register_function(f.get_keytab)
 h.handle_request(req)
 finally:
 pass
-- cgit
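Review bot: `f.get_keytab` should stay unregistered in `handler()` (hunk `@@ -359,6 +359,8 @@`) until a per-caller check exists, because the registration is unconditional and the method hands back a service's long-term keys to whoever reaches `h.handle_request(req)`; `f.add_service_principal` is exposed on the same terms. As far as this file shows, the only gate in front of it is the credentials-cache check from the earlier commit, which establishes that the caller authenticated, not that the caller is entitled to that service's keys. If the registration has to land now, mark it at the call site with `# FIXME(security): no authorization yet; any authenticated caller can fetch any keytab`, and have the implementation log the requesting principal and the requested service so issuance can be audited. The hunk is inside `handler()`, which starts outside it.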