diff options
author | Ana Krivokapic <akrivoka@redhat.com> | 2013-08-20 15:34:39 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2013-08-28 16:45:57 +0200 |
commit | 196c4b5f53c5ae9d6a471ed2da1eea4d78746fcb (patch) | |
tree | 9a8fcd91ac7147df1fd67b29a1325881f3ae8662 /ipalib | |
parent | fed7e7b23182ef0355cdaf6a712d8cce84382872 (diff) | |
download | freeipa-196c4b5f53c5ae9d6a471ed2da1eea4d78746fcb.tar.gz freeipa-196c4b5f53c5ae9d6a471ed2da1eea4d78746fcb.tar.xz freeipa-196c4b5f53c5ae9d6a471ed2da1eea4d78746fcb.zip |
Fix tests which fail after ipa-adtrust-install
Some unit tests were failing after ipa-adtrust-install has been run on the
IPA server, due to missing attributes ('ipantsecurityidentifier') and
objectclasses ('ipantuserattrs' and 'ipantgroupattrs'). This patch detects if
ipa-adtrust-install has been run, and adds missing attributes and objectclasses
where appropriate.
https://fedorahosted.org/freeipa/ticket/3852
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/trust.py | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py index d2348c8e4..3c117b49b 100644 --- a/ipalib/plugins/trust.py +++ b/ipalib/plugins/trust.py @@ -1034,3 +1034,47 @@ class compat_is_enabled(Command): return dict(result=True) api.register(compat_is_enabled) + + +class sidgen_was_run(Command): + """ + This command tries to determine whether the sidgen task was run during + ipa-adtrust-install. It does that by simply checking the "editors" group + for the presence of the ipaNTSecurityIdentifier attribute - if the + attribute is present, the sidgen task was run. + + Since this command relies on the existence of the "editors" group, it will + fail loudly in case this group does not exist. + """ + NO_CLI = True + + __doc__ = _('Determine whether ipa-adtrust-install has been run with ' + 'sidgen task') + + def execute(self, *keys, **options): + ldap = self.api.Backend.ldap2 + editors_dn = DN( + ('cn', 'editors'), + ('cn', 'groups'), + ('cn', 'accounts'), + api.env.basedn + ) + + try: + editors_entry = ldap.get_entry(editors_dn) + except errors.NotFound: + raise errors.NotFound( + name=_('sidgen_was_run'), + reason=_( + 'This command relies on the existence of the "editors" ' + 'group, but this group was not found.' + ) + ) + + attr = editors_entry.get('ipaNTSecurityIdentifier') + if not attr: + return dict(result=False) + + return dict(result=True) + +api.register(sidgen_was_run) |