ipalib: introduce Principal parameter

This patch introduces a separate Principal parameter that allows the framework
to syntactically validate incoming/outcoming principals by using a single
shared codebase.

https://fedorahosted.org/freeipa/ticket/3864

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>

1 files changed, 5 insertions, 1 deletions

diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py
index 9258fafe1..704e71a94 100644
--- a/ipapython/ipaldap.py
+++ b/ipapython/ipaldap.py
@@ -42,6 +42,7 @@ from ipapython.ipautil import (
 from ipapython.ipa_log_manager import log_mgr
 from ipapython.dn import DN
 from ipapython.dnsutil import DNSName
+from ipapython.kerberos import Principal
 
 if six.PY3:
     unicode = str
@@ -686,6 +687,8 @@ class LDAPClient(object):
         'idnssoamname':    DNSName,
         'idnssoarname':    DNSName,
         'dnszoneidnsname': DNSName,
+        'krbcanonicalname': Principal,
+        'krbprincipalname': Principal,
         'nsds5replicalastupdatestart': unicode,
         'nsds5replicalastupdateend': unicode,
         'nsds5replicalastinitstart': unicode,
@@ -847,7 +850,8 @@ class LDAPClient(object):
                 return 'TRUE'
             else:
                 return 'FALSE'
-        elif isinstance(val, (unicode, six.integer_types, Decimal, DN)):
+        elif isinstance(val, (unicode, six.integer_types, Decimal, DN,
+                              Principal)):
             return value_to_utf8(val)
         elif isinstance(val, DNSName):
             return val.to_text()