-rw-r--r--VERSION4
-rw-r--r--ipaserver/plugins/baseuser.py4
-rw-r--r--ipaserver/plugins/host.py7
-rw-r--r--ipaserver/plugins/service.py6
-rw-r--r--ipatests/test_xmlrpc/test_netgroup_plugin.py1
-rw-r--r--ipatests/test_xmlrpc/test_selinuxusermap_plugin.py1
-rw-r--r--ipatests/test_xmlrpc/test_service_plugin.py37
-rw-r--r--ipatests/test_xmlrpc/test_user_plugin.py2
-rw-r--r--ipatests/test_xmlrpc/tracker/host_plugin.py3
-rw-r--r--ipatests/test_xmlrpc/tracker/stageuser_plugin.py5
-rw-r--r--ipatests/test_xmlrpc/tracker/user_plugin.py4
11 files changed, 57 insertions, 17 deletions
diff --git a/VERSION b/VERSION
index b9b5485bc..1ca1f3358 100644
--- a/VERSION
+++ b/VERSION
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=208
-# Last change: mbabinsk: Provide API for management of host, service, and user principal aliases
+IPA_API_VERSION_MINOR=209
+# Last change: mbabinsk: Unify display of principal names/aliases across entities
diff --git a/ipaserver/plugins/baseuser.py b/ipaserver/plugins/baseuser.py
index c80d5ac0d..0052e718a 100644
--- a/ipaserver/plugins/baseuser.py
+++ b/ipaserver/plugins/baseuser.py
@@ -149,9 +149,11 @@ class baseuser(LDAPObject):
'memberofindirect', 'ipauserauthtype', 'userclass',
'ipatokenradiusconfiglink', 'ipatokenradiususername',
'krbprincipalexpiration', 'usercertificate;binary',
+ 'krbprincipalname', 'krbcanonicalname'
]
search_display_attributes = [
- 'uid', 'givenname', 'sn', 'homedirectory', 'loginshell',
+ 'uid', 'givenname', 'sn', 'homedirectory', 'krbcanonicalname',
+ 'krbprincipalname', 'loginshell',
'mail', 'telephonenumber', 'title', 'nsaccountlock',
'uidnumber', 'gidnumber', 'sshpubkeyfp',
]
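Review bot: The list that gains `'krbprincipalname', 'krbcanonicalname'` (its opening line is above the hunk, presumably `default_attributes`) controls what is requested by default, but what a caller actually receives is still decided by the directory's read access controls, which this diff does not touch. The XML-RPC tests updated in this commit look like they run with an administrative identity, so they would not catch an unprivileged caller being denied `krbcanonicalname` and seeing different output. It is worth confirming that the existing read permission on user and stage-user entries covers both attributes. As a style point, end the added line with a comma, `'krbprincipalname', 'krbcanonicalname',`, so the next attribute appended does not have to touch this line.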
diff --git a/ipaserver/plugins/host.py b/ipaserver/plugins/host.py
index 1c1e934b9..2c5cf48cb 100644
--- a/ipaserver/plugins/host.py
+++ b/ipaserver/plugins/host.py
@@ -263,11 +263,12 @@ class host(LDAPObject):
permission_filter_objectclasses = ['ipahost']
# object_class_config = 'ipahostobjectclasses'
search_attributes = [
- 'fqdn', 'description', 'l', 'nshostlocation', 'krbprincipalname',
- 'nshardwareplatform', 'nsosversion', 'managedby',
+ 'fqdn', 'description', 'l', 'nshostlocation', 'krbcanonicalname',
+ 'krbprincipalname', 'nshardwareplatform', 'nsosversion', 'managedby',
]
default_attributes = [
- 'fqdn', 'description', 'l', 'nshostlocation', 'krbprincipalname',
+ 'fqdn', 'description', 'l', 'nshostlocation', 'krbcanonicalname',
+ 'krbprincipalname',
'nshardwareplatform', 'nsosversion', 'usercertificate', 'memberof',
'managedby', 'memberofindirect', 'macaddress',
'userclass', 'ipaallowedtoperform', 'ipaassignedidview', 'krbprincipalauthind'
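Review bot: Adding `'krbcanonicalname'` to `search_attributes` changes which entries a host search matches, which goes beyond the display change described in the VERSION comment. It is also inconsistent with `service.py` in this same commit, which leaves its list as `search_attributes = ['krbprincipalname', 'managedby', 'ipakrbauthzdata']`. If searching on the canonical name is intended, apply it to services as well and confirm the attribute is indexed for the match type the search filter uses; otherwise add it to `default_attributes` only. The `default_attributes` list continues past the end of this hunk.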
diff --git a/ipaserver/plugins/service.py b/ipaserver/plugins/service.py
index 417be0011..28ea364e9 100644
--- a/ipaserver/plugins/service.py
+++ b/ipaserver/plugins/service.py
@@ -361,8 +361,10 @@ class service(LDAPObject):
possible_objectclasses = ['ipakrbprincipal', 'ipaallowedoperations']
permission_filter_objectclasses = ['ipaservice']
search_attributes = ['krbprincipalname', 'managedby', 'ipakrbauthzdata']
- default_attributes = ['krbprincipalname', 'usercertificate', 'managedby',
- 'ipakrbauthzdata', 'memberof', 'ipaallowedtoperform', 'krbprincipalauthind']
+ default_attributes = [
+ 'krbprincipalname', 'krbcanonicalname', 'usercertificate', 'managedby',
+ 'ipakrbauthzdata', 'memberof', 'ipaallowedtoperform',
+ 'krbprincipalauthind']
uuid_attribute = 'ipauniqueid'
attribute_members = {
'managedby': ['host'],
diff --git a/ipatests/test_xmlrpc/test_netgroup_plugin.py b/ipatests/test_xmlrpc/test_netgroup_plugin.py
index 6194fa4d4..b6f004ef2 100644
--- a/ipatests/test_xmlrpc/test_netgroup_plugin.py
+++ b/ipatests/test_xmlrpc/test_netgroup_plugin.py
@@ -231,6 +231,7 @@ class test_netgroup(Declarative):
description=[u'Test host 1'],
l=[u'Undisclosed location 1'],
krbprincipalname=[u'host/%s@%s' % (host1, api.env.realm)],
+ krbcanonicalname=[u'host/%s@%s' % (host1, api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[host1],
diff --git a/ipatests/test_xmlrpc/test_selinuxusermap_plugin.py b/ipatests/test_xmlrpc/test_selinuxusermap_plugin.py
index 1acb38804..18fcebfdb 100644
--- a/ipatests/test_xmlrpc/test_selinuxusermap_plugin.py
+++ b/ipatests/test_xmlrpc/test_selinuxusermap_plugin.py
@@ -272,6 +272,7 @@ class test_selinuxusermap(Declarative):
description=[u'Test host 1'],
l=[u'Undisclosed location 1'],
krbprincipalname=[u'host/%s@%s' % (host1, api.env.realm)],
+ krbcanonicalname=[u'host/%s@%s' % (host1, api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[host1],
diff --git a/ipatests/test_xmlrpc/test_service_plugin.py b/ipatests/test_xmlrpc/test_service_plugin.py
index 69af06873..54ae55963 100644
--- a/ipatests/test_xmlrpc/test_service_plugin.py
+++ b/ipatests/test_xmlrpc/test_service_plugin.py
@@ -114,6 +114,7 @@ class test_service(Declarative):
description=[u'Test host 1'],
l=[u'Undisclosed location 1'],
krbprincipalname=[u'host/%s@%s' % (fqdn1, api.env.realm)],
+ krbcanonicalname=[u'host/%s@%s' % (fqdn1, api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn1],
@@ -142,6 +143,7 @@ class test_service(Declarative):
description=[u'Test host 2'],
l=[u'Undisclosed location 2'],
krbprincipalname=[u'host/%s@%s' % (fqdn2, api.env.realm)],
+ krbcanonicalname=[u'host/%s@%s' % (fqdn2, api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn2],
@@ -170,6 +172,8 @@ class test_service(Declarative):
description=[u'Test host 3'],
l=[u'Undisclosed location 3'],
krbprincipalname=[u'host/%s@%s' % (fqdn3.lower(), api.env.realm)],
+ krbcanonicalname=[u'host/%s@%s' % (
+ fqdn3.lower(), api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn3.lower()],
@@ -223,6 +227,7 @@ class test_service(Declarative):
result=dict(
dn=service1dn,
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
has_keytab=False,
managedby_host=[fqdn1],
),
@@ -263,7 +268,7 @@ class test_service(Declarative):
dict(
dn=service1dn,
krbprincipalname=[service1],
- krbcanonicalname=service1,
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
has_keytab=False,
),
@@ -283,7 +288,7 @@ class test_service(Declarative):
dict(
dn=service1dn,
krbprincipalname=[service1],
- krbcanonicalname=service1,
+ krbcanonicalname=[service1],
has_keytab=False,
),
],
@@ -325,6 +330,7 @@ class test_service(Declarative):
result=dict(
dn=service1dn,
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -340,6 +346,7 @@ class test_service(Declarative):
result=dict(
dn=service1dn,
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -355,6 +362,7 @@ class test_service(Declarative):
result=dict(
dn=service1dn,
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1, fqdn2],
),
),
@@ -370,6 +378,7 @@ class test_service(Declarative):
result=dict(
dn=service1dn,
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -385,6 +394,7 @@ class test_service(Declarative):
result=dict(
dn=service1dn,
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1, fqdn3.lower()],
),
),
@@ -400,6 +410,7 @@ class test_service(Declarative):
result=dict(
dn=service1dn,
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -428,6 +439,7 @@ class test_service(Declarative):
result=dict(
usercertificate=[base64.b64decode(servercert)],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
valid_not_before=fuzzy_date,
valid_not_after=fuzzy_date,
@@ -463,6 +475,7 @@ class test_service(Declarative):
result=dict(
usercertificate=[base64.b64decode(servercert)],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
ipakrbauthzdata=[u'MS-PAC'],
valid_not_before=fuzzy_date,
@@ -488,6 +501,7 @@ class test_service(Declarative):
dn=service1dn,
usercertificate=[base64.b64decode(servercert)],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
has_keytab=False,
managedby_host=[fqdn1],
ipakrbauthzdata=[u'MS-PAC'],
@@ -515,6 +529,7 @@ class test_service(Declarative):
result=dict(
usercertificate=[base64.b64decode(servercert)],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
ipakrbauthzdata=[u'MS-PAC'],
valid_not_before=fuzzy_date,
@@ -542,6 +557,7 @@ class test_service(Declarative):
result=dict(
usercertificate=[base64.b64decode(servercert)],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
ipakrbauthzdata=[u'MS-PAC'],
valid_not_before=fuzzy_date,
@@ -567,6 +583,7 @@ class test_service(Declarative):
result=dict(
usercertificate=[base64.b64decode(servercert)],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
ipakrbauthzdata=[u'MS-PAC'],
valid_not_before=fuzzy_date,
@@ -623,7 +640,7 @@ class test_service(Declarative):
desc='Create service with malformed principal "foo"',
command=('service_add', [u'foo'], {}),
expected=errors.ValidationError(
- name='principal',
+ name='canonical_principal',
error='Service principal is required')
),
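Review bot: The expected `ValidationError` name for `service_add foo` changes from `principal` to `canonical_principal`, yet none of the plugin hunks in this diff renames a parameter, so the reason is not visible here; presumably it comes from an earlier commit in the series. Error names are part of what API clients see, so the test should say why the name is expected. If it is indeed the parameter name, a comment above this case such as `# the positional argument is reported under its parameter name, canonical_principal` would do. If the rename was not meant to be user-visible, this expectation hides the regression instead of catching it.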
@@ -702,6 +719,7 @@ class test_service_in_role(Declarative):
description=[u'Test host 1'],
l=[u'Undisclosed location 1'],
krbprincipalname=[u'host/%s@%s' % (fqdn1, api.env.realm)],
+ krbcanonicalname=[u'host/%s@%s' % (fqdn1, api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn1],
@@ -776,6 +794,7 @@ class test_service_in_role(Declarative):
result=dict(
dn=service1dn,
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
memberof_role=[role1],
has_keytab=False,
@@ -889,6 +908,7 @@ class test_service_allowed_to(Declarative):
description=[u'Test host 1'],
l=[u'Undisclosed location 1'],
krbprincipalname=[u'host/%s@%s' % (fqdn1, api.env.realm)],
+ krbcanonicalname=[u'host/%s@%s' % (fqdn1, api.env.realm)],
objectclass=objectclasses.host,
ipauniqueid=[fuzzy_uuid],
managedby_host=[u'%s' % fqdn1],
@@ -952,6 +972,7 @@ class test_service_allowed_to(Declarative):
dn=service1dn,
ipaallowedtoperform_read_keys_user=[user1],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -975,6 +996,7 @@ class test_service_allowed_to(Declarative):
dn=service1dn,
ipaallowedtoperform_read_keys_user=[user1],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1003,6 +1025,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_read_keys_host=[fqdn1],
ipaallowedtoperform_read_keys_hostgroup=[hostgroup1],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1029,6 +1052,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_read_keys_host=[fqdn1],
ipaallowedtoperform_read_keys_hostgroup=[hostgroup1],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1055,6 +1079,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_read_keys_host=[fqdn1],
ipaallowedtoperform_read_keys_hostgroup=[hostgroup1],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1087,6 +1112,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_write_keys_host=[fqdn1],
ipaallowedtoperform_write_keys_hostgroup=[hostgroup1],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1118,6 +1144,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_write_keys_host=[fqdn1],
ipaallowedtoperform_write_keys_hostgroup=[hostgroup1],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1148,6 +1175,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_write_keys_host=[fqdn1],
ipaallowedtoperform_write_keys_hostgroup=[hostgroup1],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1178,6 +1206,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_write_keys_host=[fqdn1],
ipaallowedtoperform_write_keys_hostgroup=[hostgroup1],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1201,6 +1230,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_write_keys_host=[fqdn1],
ipaallowedtoperform_write_keys_hostgroup=[hostgroup1],
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
managedby_host=[fqdn1],
),
),
@@ -1225,6 +1255,7 @@ class test_service_allowed_to(Declarative):
ipaallowedtoperform_write_keys_hostgroup=[hostgroup1],
ipakrbokasdelegate=True,
krbprincipalname=[service1],
+ krbcanonicalname=[service1],
krbticketflags=[u'1048704'],
managedby_host=[fqdn1],
),
diff --git a/ipatests/test_xmlrpc/test_user_plugin.py b/ipatests/test_xmlrpc/test_user_plugin.py
index 8245dc7f0..def522814 100644
--- a/ipatests/test_xmlrpc/test_user_plugin.py
+++ b/ipatests/test_xmlrpc/test_user_plugin.py
@@ -955,6 +955,8 @@ def get_user_result(uid, givenname, sn, operation='show', omit=[],
uid=[uid],
uidnumber=[fuzzy_digits],
gidnumber=[fuzzy_digits],
+ krbcanonicalname=[u'%s@%s' % (uid, api.env.realm)],
+ krbprincipalname=[u'%s@%s' % (uid, api.env.realm)],
mail=[u'%s@%s' % (uid, api.env.domain)],
has_keytab=False,
has_password=False,
diff --git a/ipatests/test_xmlrpc/tracker/host_plugin.py b/ipatests/test_xmlrpc/tracker/host_plugin.py
index 21088f22c..03113b8fe 100644
--- a/ipatests/test_xmlrpc/tracker/host_plugin.py
+++ b/ipatests/test_xmlrpc/tracker/host_plugin.py
@@ -22,7 +22,8 @@ class HostTracker(Tracker):
``fqdn`` and ``dn``.
"""
retrieve_keys = {
- 'dn', 'fqdn', 'description', 'l', 'krbprincipalname', 'managedby_host',
+ 'dn', 'fqdn', 'description', 'l', 'krbcanonicalname',
+ 'krbprincipalname', 'managedby_host',
'has_keytab', 'has_password', 'issuer', 'md5_fingerprint',
'serial_number', 'serial_number_hex', 'sha1_fingerprint',
'subject', 'usercertificate', 'valid_not_after', 'valid_not_before',
diff --git a/ipatests/test_xmlrpc/tracker/stageuser_plugin.py b/ipatests/test_xmlrpc/tracker/stageuser_plugin.py
index c741e3eb4..9bcb1069f 100644
--- a/ipatests/test_xmlrpc/tracker/stageuser_plugin.py
+++ b/ipatests/test_xmlrpc/tracker/stageuser_plugin.py
@@ -44,11 +44,10 @@ class StageUserTracker(Tracker):
u'usercertificate', u'dn', u'has_keytab', u'has_password',
u'street', u'postalcode', u'facsimiletelephonenumber',
u'carlicense', u'ipasshpubkey', u'sshpubkeyfp', u'l',
- u'st', u'mobile', u'pager', }
+ u'st', u'mobile', u'pager', u'krbcanonicalname', u'krbprincipalname'}
retrieve_all_keys = retrieve_keys | {
u'cn', u'ipauniqueid', u'objectclass', u'description',
- u'displayname', u'gecos', u'initials', u'krbcanonicalname',
- u'krbprincipalname', u'manager'}
+ u'displayname', u'gecos', u'initials', u'manager'}
create_keys = retrieve_all_keys | {
u'objectclass', u'ipauniqueid', u'randompassword',
diff --git a/ipatests/test_xmlrpc/tracker/user_plugin.py b/ipatests/test_xmlrpc/tracker/user_plugin.py
index 3585e7585..1a85e9332 100644
--- a/ipatests/test_xmlrpc/tracker/user_plugin.py
+++ b/ipatests/test_xmlrpc/tracker/user_plugin.py
@@ -28,6 +28,7 @@ class UserTracker(Tracker):
u'ipatokenradiusconfiglink', u'ipatokenradiususername',
u'krbprincipalexpiration', u'usercertificate;binary',
u'has_keytab', u'has_password', u'memberof_group', u'sshpubkeyfp',
+ u'krbcanonicalname', 'krbprincipalname'
}
retrieve_all_keys = retrieve_keys | {
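Review bot: The added line mixes a `u''` literal with a plain one, `u'krbcanonicalname', 'krbprincipalname'`, in a set whose other visible keys are all `u''`-prefixed; the inconsistency was carried over from the line this commit removes from `retrieve_all_keys` in the next hunk. Write it as `u'krbcanonicalname', u'krbprincipalname',`, which matches the prefixed form used for the same keys in tracker/stageuser_plugin.py and adds a trailing comma for future additions. The set literal opens above this hunk.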
@@ -36,8 +37,7 @@ class UserTracker(Tracker):
u'l', u'mobile', u'krbextradata', u'krblastpwdchange',
u'krbpasswordexpiration', u'pager', u'st', u'manager', u'cn',
u'ipauniqueid', u'objectclass', u'mepmanagedentry',
- u'displayname', u'gecos', u'initials', u'krbcanonicalname',
- 'krbprincipalname', u'preserved'}
+ u'displayname', u'gecos', u'initials', u'preserved'}
retrieve_preserved_keys = (retrieve_keys - {u'memberof_group'}) | {
u'preserved'}