author | Jason Gerard DeRose <jderose@redhat.com> | 2009-01-21 12:42:40 -0700 |
---|---|---|
committer | Jason Gerard DeRose <jderose@redhat.com> | 2009-01-21 12:42:40 -0700 |
commit | 5616af19b137e22013b040f0480bfef37e7ad23f (patch) | |
tree | 149f83049cc189755ade4d708e4a0eeba8a8165d /ipaserver | |
parent | f22f3eabb20e6c46f78ba5c40d75bb52b7872060 (diff) | |
parent | aba16941ee6826b0d65d11e73efb8a62f4a35da1 (diff) | |
Merge branch 'master' of git://git.engineering.redhat.com/users/rcritten/freeipa2
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/ipaldap.py | 13 | ||||
-rw-r--r-- | ipaserver/plugins/b_ldap.py | 16 | ||||
-rw-r--r-- | ipaserver/servercore.py | 21 | ||||
-rw-r--r-- | ipaserver/updates/host.update | 7 |
4 files changed, 38 insertions, 19 deletions
diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py
index 19fd40efd..4a2e4e31c 100644
--- a/ipaserver/ipaldap.py
+++ b/ipaserver/ipaldap.py
@@ -111,6 +111,13 @@ class Entry: setValues = setValue + def delAttr(self, name): + """ + Entirely remove an attribute of this entry. + """ + if self.hasAttr(name): + del self.data[name] + def toTupleList(self): """Convert the attrs and values to a list of 2-tuples. The first element of the tuple is the attribute name. The second element is either a
@@ -375,7 +382,7 @@ class IPAdmin(SimpleLDAPObject): except ldap.ALREADY_EXISTS, e: raise errors.DuplicateEntry, "Entry already exists" except ldap.LDAPError, e: - raise DatabaseError, e + raise errors.DatabaseError, e return True def updateRDN(self, dn, newrdn):
@@ -392,7 +399,7 @@ class IPAdmin(SimpleLDAPObject): self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl) self.modrdn_s(dn, newrdn, delold=1) except ldap.LDAPError, e: - raise DatabaseError, e + raise errors.DatabaseError, e return True def updateEntry(self,dn,oldentry,newentry):
@@ -474,7 +481,7 @@ class IPAdmin(SimpleLDAPObject): self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl) self.modify_s(dn, modlist) except ldap.LDAPError, e: - raise DatabaseError, e + raise errors.DatabaseError, e return True def deleteEntry(self,*args):
diff --git a/ipaserver/plugins/b_ldap.py b/ipaserver/plugins/b_ldap.py
index 2d6ad6258..9e06ce51b 100644
--- a/ipaserver/plugins/b_ldap.py
+++ b/ipaserver/plugins/b_ldap.py
@@ -190,23 +190,23 @@ class ldap(CrudBackend): def modify_password(self, dn, **kw): return servercore.modify_password(dn, kw.get('oldpass'), kw.get('newpass')) - def add_member_to_group(self, memberdn, groupdn): + def add_member_to_group(self, memberdn, groupdn, memberattr='member'): """ Add a new member to a group. :param memberdn: the DN of the member to add :param groupdn: the DN of the group to add a member to """ - return servercore.add_member_to_group(memberdn, groupdn) + return servercore.add_member_to_group(memberdn, groupdn, memberattr) - def remove_member_from_group(self, memberdn, groupdn): + def remove_member_from_group(self, memberdn, groupdn, memberattr='member'): """ Remove a new member from a group. :param memberdn: the DN of the member to remove :param groupdn: the DN of the group to remove a member from """ - return servercore.remove_member_from_group(memberdn, groupdn) + return servercore.remove_member_from_group(memberdn, groupdn, memberattr) # The CRUD operations
@@ -227,6 +227,7 @@ class ldap(CrudBackend): else: assert type(value) in (str, unicode, bool, int, float) yield (key, value) + yield (key, value) def create(self, **kw): if servercore.entry_exists(kw['dn']):
@@ -251,13 +252,18 @@ class ldap(CrudBackend): def update(self, dn, **kw): result = self.retrieve(dn, ["*"]) + start_keys = kw.keys() entry = ipaldap.Entry((dn, servercore.convert_scalar_values(result))) kw = dict(self.strip_none(kw)) for k in kw: entry.setValues(k, kw[k]) - servercore.update_entry(entry.toDict()) + remove_keys = list(set(start_keys) - set(kw.keys())) + for k in remove_keys: + entry.delAttr(k) + + servercore.update_entry(entry.toDict(), remove_keys) return self.retrieve(dn)
diff --git a/ipaserver/servercore.py b/ipaserver/servercore.py
index 6991989e5..362013401 100644
--- a/ipaserver/servercore.py
+++ b/ipaserver/servercore.py
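Review bot: The docstrings of `add_member_to_group` and `remove_member_from_group` in the first b_ldap.py hunk still list only `memberdn` and `groupdn`, so the new `memberattr` argument is undocumented. Both should gain `:param memberattr: name of the group attribute that holds the member DNs (default 'member')`. The second docstring also reads "Remove a new member from a group", where "Remove a member from a group" is meant.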
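Review bot: The added `yield (key, value)` at the end of `strip_none` repeats the yield on the line directly above it, so at least the scalar values handled by the `else:` branch are now emitted twice. Indentation is lost on this page, so it is not visible whether the new line sits inside `else:` or at loop level. `update` wraps the generator in `dict(...)`, which hides the duplicate, but any consumer that iterates the pairs directly would see each one twice. Since this is a merge commit the line may be a merge leftover; if so drop it, and if it is meant to replace the yield inside `else:`, remove the earlier one instead. `strip_none` begins above the hunk.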
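Review bot: In `update`, every keyword passed as `None` now lands in `remove_keys` and is deleted from the entry, because `start_keys` is captured before `strip_none` drops those keys. Previously a `None` value was simply ignored, so a caller that passes `None` for an option the user left unset would now silently wipe that attribute, which matters most for credential and membership attributes. `update` has no docstring; it should state the contract, for example `"""Update entry dn; a keyword set to None removes that attribute."""`. The callers are not visible here and should be checked to filter unset options before calling.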
@@ -227,16 +227,19 @@ def uid_too_long(uid): return False -def update_entry (entry): +def update_entry (entry, remove_keys=[]): """Update an LDAP entry entry is a dict + remove_keys is a list of attributes to remove from this entry This refreshes the record from LDAP in order to obtain the list of - attributes that has changed. + attributes that has changed. It only retrieves the attributes that + are in the update so attributes aren't inadvertantly lost. """ + assert type(remove_keys) is list attrs = entry.keys() - o = get_base_entry(entry['dn'], "objectclass=*", attrs) + o = get_base_entry(entry['dn'], "objectclass=*", attrs + remove_keys) oldentry = convert_scalar_values(o) newentry = convert_scalar_values(entry)
@@ -395,7 +398,7 @@ def mark_entry_inactive (dn): return res -def add_member_to_group(member_dn, group_dn): +def add_member_to_group(member_dn, group_dn, memberattr='member'): """ Add a member to an existing group. """
@@ -414,18 +417,18 @@ def add_member_to_group(member_dn, group_dn): raise errors.NotFound # Add the new member to the group member attribute - members = group.get('member', []) + members = group.get(memberattr, []) if isinstance(members, basestring): members = [members] members.append(member_dn) - group['member'] = members + group[memberattr] = members try: return update_entry(group) except errors.EmptyModlist: raise -def remove_member_from_group(member_dn, group_dn=None): +def remove_member_from_group(member_dn, group_dn, memberattr='member'): """Remove a member_dn from an existing group.""" group = get_entry_by_dn(group_dn, None)
@@ -439,7 +442,7 @@ def remove_member_from_group(member_dn, group_dn=None): """ api.log.info("IPA: remove_member_from_group '%s' from '%s'" % (member_dn, group_dn)) - members = group.get('member', False) + members = group.get(memberattr, False) if not members: raise errors.NotGroupMember
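Review bot: `update_entry` takes `remove_keys=[]` as a mutable default and guards it with `assert type(remove_keys) is list`, a check that disappears under `python -O` and rejects a tuple that would serve equally well. Prefer `def update_entry (entry, remove_keys=None):` followed by `remove_keys = list(remove_keys or [])` ahead of the `attrs + remove_keys` lookup. The docstring wording "attributes that has changed" and "inadvertantly" should read "have changed" and "inadvertently". The function body continues past the end of the hunk.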
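Review bot: `memberattr` is used unchecked as the attribute name in `group.get(memberattr, [])` and `group[memberattr] = members`, in `add_member_to_group` here and again in the `remove_member_from_group` hunks after it. If the value can reach these functions from a request rather than from plugin code (the callers are not visible here), the caller could add a DN to, or strip one from, any attribute of the group entry that the bind identity may modify. Checking `memberattr` against a fixed tuple of accepted membership attribute names at the top of both functions, and raising the project's validation error otherwise, would close that. Separately, `remove_member_from_group` loses its `group_dn=None` default, so a caller that omitted the argument now fails with a TypeError.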
@@ -456,7 +459,7 @@ def remove_member_from_group(member_dn, group_dn=None): except Exception, e: raise e - group['member'] = members + group[memberattr] = members try: return update_entry(group)
diff --git a/ipaserver/updates/host.update b/ipaserver/updates/host.update
index dfc9723cf..f5ecda5ac 100644
--- a/ipaserver/updates/host.update
+++ b/ipaserver/updates/host.update
@@ -18,5 +18,8 @@ add: objectClasses: AUXILIARY MAY ( userPassword $ ipaClientVersion $ enrolledBy) X-ORIGIN 'IPA v2' ) - - +add: objectClasses: + ( 2.5.6.21 NAME 'pkiUser' + SUP top AUXILIARY + MAY ( userCertificate ) + X-ORIGIN 'RFC 2587' ) |