From 2a3a4ae64a9c3fa41520058e24f20f4d3d941e48 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mkosek@redhat.com>
Date: Mon, 14 Nov 2011 17:03:44 +0100
Subject: Fix LDAP object parameter encoding

Parameters in LDAP objects missed an information if they are real
LDAP attributes or not. Real LDAP attributes are written to
entry_attrs dictionary in plugin callbacks and are being encoded.
This causes issues when plugin callbacks does not expect that
the parameters values are already encoded for submission to LDAP.

This patch introduces a new flag "noattribute" used to mark that
a parameter is not an LDAP attribute and thus should not be encoded
or added to entry_attrs. Param documentation is improved to describe
the meaning of this and other Param flags or attributes.

https://fedorahosted.org/freeipa/ticket/2097
---
 ipalib/plugins/host.py | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)

(limited to 'ipalib/plugins/host.py')

diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index 6557880a..33d60ad1 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -290,12 +290,12 @@ class host(LDAPObject):
         ),
         Flag('random?',
             doc=_('Generate a random password to be used in bulk enrollment'),
-            flags=['no_search'],
+            flags=('no_search', 'virtual_attribute'),
             default=False,
         ),
         Str('randompassword?',
             label=_('Random password'),
-            flags=['no_create', 'no_update', 'no_search'],
+            flags=('no_create', 'no_update', 'no_search', 'virtual_attribute'),
         ),
         Bytes('usercertificate?', validate_certificate,
             cli_name='certificate',
@@ -432,12 +432,10 @@ class host_add(LDAPCreate):
                 entry_attrs['objectclass'].remove('krbprincipalaux')
             if 'krbprincipal' in entry_attrs['objectclass']:
                 entry_attrs['objectclass'].remove('krbprincipal')
-        if 'random' in options:
-            if options.get('random'):
-                entry_attrs['userpassword'] = ipa_generate_password()
-                # save the password so it can be displayed in post_callback
-                setattr(context, 'randompassword', entry_attrs['userpassword'])
-            del entry_attrs['random']
+        if options.get('random'):
+            entry_attrs['userpassword'] = ipa_generate_password()
+            # save the password so it can be displayed in post_callback
+            setattr(context, 'randompassword', entry_attrs['userpassword'])
         cert = options.get('usercertificate')
         if cert:
             cert = x509.normalize_certificate(cert)
@@ -680,11 +678,9 @@ class host_mod(LDAPUpdate):
                         raise nsprerr
 
             entry_attrs['usercertificate'] = cert
-        if 'random' in options:
-            if options.get('random'):
-                entry_attrs['userpassword'] = ipa_generate_password()
-                setattr(context, 'randompassword', entry_attrs['userpassword'])
-            del entry_attrs['random']
+        if options.get('random'):
+            entry_attrs['userpassword'] = ipa_generate_password()
+            setattr(context, 'randompassword', entry_attrs['userpassword'])
 
         return dn
 
-- 
cgit