From 6e28e709ed07798740e5469d166f3996a643e322 Mon Sep 17 00:00:00 2001 From: Ana Krivokapic Date: Fri, 2 Aug 2013 16:14:27 +0200 Subject: Add new command compat-is-enabled Add a new API command 'compat-is-enabled' which can be used to determine whether Schema Compatibility plugin is configured to serve trusted domain users and groups. The new command is not visible in IPA CLI. https://fedorahosted.org/freeipa/ticket/3671 https://fedorahosted.org/freeipa/ticket/3672 --- ipalib/plugins/trust.py | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) (limited to 'ipalib/plugins') diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py index b19a27ec..8790dcd2 100644 --- a/ipalib/plugins/trust.py +++ b/ipalib/plugins/trust.py @@ -990,3 +990,47 @@ class adtrust_is_enabled(Command): return dict(result=True) api.register(adtrust_is_enabled) + + +class compat_is_enabled(Command): + NO_CLI = True + + __doc__ = _('Determine whether Schema Compatibility plugin is configured ' + 'to serve trusted domain users and groups') + + def execute(self, *keys, **options): + ldap = self.api.Backend.ldap2 + users_dn = DN( + ('cn', 'users'), + ('cn', 'Schema Compatibility'), + ('cn', 'plugins'), + ('cn', 'config') + ) + groups_dn = DN( + ('cn', 'groups'), + ('cn', 'Schema Compatibility'), + ('cn', 'plugins'), + ('cn', 'config') + ) + + try: + users_entry = ldap.get_entry(users_dn) + except errors.NotFound: + return dict(result=False) + + attr = users_entry.get('schema-compat-lookup-nsswitch') + if not attr or 'user' not in attr: + return dict(result=False) + + try: + groups_entry = ldap.get_entry(groups_dn) + except errors.NotFound: + return dict(result=False) + + attr = groups_entry.get('schema-compat-lookup-nsswitch') + if not attr or 'group' not in attr: + return dict(result=False) + + return dict(result=True) + +api.register(compat_is_enabled) -- cgit