diff options
author | Ana Krivokapic <akrivoka@redhat.com> | 2013-08-02 16:14:27 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-08-07 09:18:43 +0200 |
commit | 6e28e709ed07798740e5469d166f3996a643e322 (patch) | |
tree | bfef412c24e5eeb0a2613e71f0df8805b32bd916 /ipalib | |
parent | efe5a96725d3ddcd05b03a1ca9df5597eee693be (diff) | |
download | freeipa-6e28e709ed07798740e5469d166f3996a643e322.tar.gz freeipa-6e28e709ed07798740e5469d166f3996a643e322.tar.xz freeipa-6e28e709ed07798740e5469d166f3996a643e322.zip |
Add new command compat-is-enabled
Add a new API command 'compat-is-enabled' which can be used to determine
whether Schema Compatibility plugin is configured to serve trusted domain
users and groups. The new command is not visible in IPA CLI.
https://fedorahosted.org/freeipa/ticket/3671
https://fedorahosted.org/freeipa/ticket/3672
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/trust.py | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/ipalib/plugins/trust.py b/ipalib/plugins/trust.py index b19a27eca..8790dcd2a 100644 --- a/ipalib/plugins/trust.py +++ b/ipalib/plugins/trust.py @@ -990,3 +990,47 @@ class adtrust_is_enabled(Command): return dict(result=True) api.register(adtrust_is_enabled) + + +class compat_is_enabled(Command): + NO_CLI = True + + __doc__ = _('Determine whether Schema Compatibility plugin is configured ' + 'to serve trusted domain users and groups') + + def execute(self, *keys, **options): + ldap = self.api.Backend.ldap2 + users_dn = DN( + ('cn', 'users'), + ('cn', 'Schema Compatibility'), + ('cn', 'plugins'), + ('cn', 'config') + ) + groups_dn = DN( + ('cn', 'groups'), + ('cn', 'Schema Compatibility'), + ('cn', 'plugins'), + ('cn', 'config') + ) + + try: + users_entry = ldap.get_entry(users_dn) + except errors.NotFound: + return dict(result=False) + + attr = users_entry.get('schema-compat-lookup-nsswitch') + if not attr or 'user' not in attr: + return dict(result=False) + + try: + groups_entry = ldap.get_entry(groups_dn) + except errors.NotFound: + return dict(result=False) + + attr = groups_entry.get('schema-compat-lookup-nsswitch') + if not attr or 'group' not in attr: + return dict(result=False) + + return dict(result=True) + +api.register(compat_is_enabled) |