authorRob Crittenden <rcritten@redhat.com>2010-05-21 16:27:40 -0400
committerRob Crittenden <rcritten@redhat.com>2010-05-27 10:51:02 -0400
commite123fa66719c7f71587383406d3205d17e60f669 (patch)
tree3e2031fb473beb913fe58ab8bb236d1aa792d975
parentfe7cb34f76a04e04e4dd0ffe9e1795752b422e26 (diff)
Add ipaUniqueID to HBAC services and service groups
Also fix the memberOf attribute for the HBAC services
-rw-r--r--install/share/60basev2.ldif2
-rw-r--r--install/share/default-hbac.ldif30
-rw-r--r--install/updates/Makefile.am1
-rw-r--r--ipalib/plugins/hbacsvc.py5
-rw-r--r--ipalib/plugins/hbacsvcgroup.py3
-rw-r--r--tests/test_xmlrpc/objectclasses.py2
-rw-r--r--tests/test_xmlrpc/test_hbacsvcgroup_plugin.py2
7 files changed, 10 insertions, 35 deletions
diff --git a/install/share/60basev2.ldif b/install/share/60basev2.ldif
index 10edaba61..0112142c2 100644
--- a/install/share/60basev2.ldif
+++ b/install/share/60basev2.ldif
@@ -42,7 +42,7 @@ objectClasses: (1.3.6.1.1.1.2.16 NAME 'automountMap' DESC 'Automount Map informa
objectClasses: (1.3.6.1.1.1.2.17 NAME 'automount' DESC 'Automount information' SUP top STRUCTURAL MUST ( automountKey $ automountInformation ) MAY description X-ORIGIN 'RFC 2307bis' )
attributeTypes: (2.16.840.1.113730.3.8.3.17 NAME 'hostCApolicy' DESC 'Policy on how to treat host requests for cert operations.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.4.9 NAME 'ipaCAaccess' STRUCTURAL MAY (member $ hostCApolicy) X-ORIGIN 'IPA v2' )
-objectClasses: (2.16.840.1.113730.3.8.4.10 NAME 'ipaHBACService' AUXILIARY MUST ( cn ) MAY ( description ) X-ORIGIN 'IPA v2' )
+objectClasses: (2.16.840.1.113730.3.8.4.10 NAME 'ipaHBACService' AUXILIARY MUST ( cn ) MAY ( description $ memberOf ) X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.4.11 NAME 'ipaHBACServiceGroup' DESC 'IPA HBAC service group object class' SUP nestedGroup STRUCTURAL X-ORIGIN 'IPA v2' )
attributeTypes: (1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' DESC 'An integer denoting time to live' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributeTypes: (1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' DESC 'The class of a resource record' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
diff --git a/install/share/default-hbac.ldif b/install/share/default-hbac.ldif
index ecbaeaedd..29ec88838 100644
--- a/install/share/default-hbac.ldif
+++ b/install/share/default-hbac.ldif
@@ -13,33 +13,3 @@ ipaenabledflag: TRUE
description: Allow all users to access any host from any host
# ipauniqueid gets added for us by 389-ds
-dn: cn=sshd,cn=hbacservices,cn=accounts,$SUFFIX
-changetype: add
-objectclass: ipahbacservice
-cn: sshd
-description: sshd
-
-dn: cn=ftp,cn=hbacservices,cn=accounts,$SUFFIX
-changetype: add
-objectclass: ipahbacservice
-cn: ftp
-description: ftp
-
-dn: cn=sudo,cn=hbacservices,cn=accounts,$SUFFIX
-changetype: add
-objectclass: ipahbacservice
-cn: sudo
-description: sudo
-
-dn: cn=su,cn=hbacservices,cn=accounts,$SUFFIX
-changetype: add
-objectclass: ipahbacservice
-cn: su
-description: su
-
-dn: cn=login,cn=hbacservices,cn=accounts,$SUFFIX
-changetype: add
-objectclass: ipahbacservice
-cn: login
-description: login
-
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index 24a1b5e58..72acf7f4a 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -10,6 +10,7 @@ app_DATA = \
20-replication.update \
20-winsync_index.update \
30-automount.update \
+ 30-hbacsvc.update \
30-groupofhosts.update \
30-netgroups.update \
30-rolegroup.update \
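Review bot: `30-hbacsvc.update` is added to `app_DATA` here, but the diffstat lists seven changed files and none of them is `install/updates/30-hbacsvc.update`. If that file is not already in the tree, the build or install step would presumably fail on the missing data file. The same commit deletes the sshd, ftp, sudo, su and login entries from `default-hbac.ldif`, so a fresh install would then likely have no predefined HBAC services for access rules to reference. Please confirm the update file is committed and recreates those five entries with the `ipaobject` class so they receive an `ipaUniqueID`. As a style point, the new line sits before `30-groupofhosts.update`, which breaks the otherwise sorted list.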
diff --git a/ipalib/plugins/hbacsvc.py b/ipalib/plugins/hbacsvc.py
index a85d94019..f6eda165f 100644
--- a/ipalib/plugins/hbacsvc.py
+++ b/ipalib/plugins/hbacsvc.py
@@ -36,10 +36,9 @@ class hbacsvc(LDAPObject):
container_dn = api.env.container_hbacservice
object_name = 'service'
object_name_plural = 'services'
- object_class = [
- 'ipahbacservice',
- ]
+ object_class = [ 'ipaobject', 'ipahbacservice' ]
default_attributes = ['cn', 'description']
+ uuid_attribute = 'ipauniqueid'
label = _('Services')
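Review bot: `default_attributes = ['cn', 'description']` is left unchanged even though the schema change in `60basev2.ldif` now allows `memberOf` on `ipaHBACService` entries, so a service's group membership would presumably still not be returned by default, whereas `hbacsvcgroup` already lists `'memberof'`. Consider `default_attributes = ['cn', 'description', 'memberof']`, plus an `attribute_members` mapping like the one in `hbacsvcgroup.py` if the class body outside this hunk does not already define one. The bracket spacing in `[ 'ipaobject', 'ipahbacservice' ]` also differs from `['ipaobject', 'ipahbacservicegroup']` in the sibling plugin. The class body continues outside the hunk.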
diff --git a/ipalib/plugins/hbacsvcgroup.py b/ipalib/plugins/hbacsvcgroup.py
index 37ea94f43..cc0d4fd46 100644
--- a/ipalib/plugins/hbacsvcgroup.py
+++ b/ipalib/plugins/hbacsvcgroup.py
@@ -32,8 +32,9 @@ class hbacsvcgroup(LDAPObject):
container_dn = api.env.container_hbacservicegroup
object_name = 'servicegroup'
object_name_plural = 'servicegroups'
- object_class = ['ipahbacservicegroup']
+ object_class = ['ipaobject', 'ipahbacservicegroup']
default_attributes = [ 'cn', 'description', 'member', 'memberof', ]
+ uuid_attribute = 'ipauniqueid'
attribute_members = {
'member': ['hbacsvc', 'hbacsvcgroup'],
'memberof': ['hbacsvcgroup'],
diff --git a/tests/test_xmlrpc/objectclasses.py b/tests/test_xmlrpc/objectclasses.py
index 505190241..65811fa74 100644
--- a/tests/test_xmlrpc/objectclasses.py
+++ b/tests/test_xmlrpc/objectclasses.py
@@ -83,10 +83,12 @@ service = [
]
hbacsvc = [
+ u'ipaobject',
u'ipahbacservice',
]
hbacsvcgroup = [
+ u'ipaobject',
u'ipahbacservicegroup',
u'nestedGroup',
u'groupOfNames',
diff --git a/tests/test_xmlrpc/test_hbacsvcgroup_plugin.py b/tests/test_xmlrpc/test_hbacsvcgroup_plugin.py
index c06dc8b45..8264ae903 100644
--- a/tests/test_xmlrpc/test_hbacsvcgroup_plugin.py
+++ b/tests/test_xmlrpc/test_hbacsvcgroup_plugin.py
@@ -77,6 +77,7 @@ class test_hbacsvcgroup(Declarative):
cn=[hbacsvcgroup1],
objectclass=objectclasses.hbacsvcgroup,
description=[u'Test hbacsvcgroup 1'],
+ ipauniqueid=[fuzzy_uuid],
),
),
),
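Review bot: `fuzzy_uuid` is used in the expected results here and in the second hunk (`ipauniqueid=[fuzzy_uuid]`), but the diffstat shows only two changed lines in this file, so no import was added. Unless the module already imports it, both cases would fail with a NameError rather than a comparison failure. Separately, nothing in the visible test changes asserts `memberof` on `hbacsvc1` after it is added to a group, which is the second half of what the commit message says is fixed. An expected `memberof` value on the service would cover that. The test class continues outside both hunks.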
@@ -106,6 +107,7 @@ class test_hbacsvcgroup(Declarative):
cn=[hbacsvc1],
description=[u'Test service 1'],
objectclass=objectclasses.hbacsvc,
+ ipauniqueid=[fuzzy_uuid],
),
),
),