authorTomas Babej <tbabej@redhat.com>2014-09-30 08:49:54 +0200
committerMartin Kosek <mkosek@redhat.com>2014-09-30 10:42:06 +0200
commit2a230b6cc16037fbf56d79bfde2fb4d1ab386ef6 (patch)
tree46ba855898f72a0899168ff5335bf41054fba56d /ipaserver
parent51816930a662e0312589cca2981e8ae4d32da779 (diff)
idviews: Create Default Trust View for upgraded servers
For upgraded servers with enabled AD trust support, we want to ensure that Default Trust View entry is created. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/plugins/adtrust.py48
1 files changed, 48 insertions, 0 deletions
diff --git a/ipaserver/install/plugins/adtrust.py b/ipaserver/install/plugins/adtrust.py
index d567aea8e..e5082fe04 100644
--- a/ipaserver/install/plugins/adtrust.py
+++ b/ipaserver/install/plugins/adtrust.py
@@ -117,4 +117,52 @@ class update_default_range(PostUpdate):
return (False, True, [updates])
+
+class update_default_trust_view(PostUpdate):
+ """
+ Create Default Trust View for upgraded servers.
+ """
+ order = MIDDLE
+
+ def execute(self, **options):
+ ldap = self.obj.backend
+
+ default_trust_view_dn = DN(('cn', 'Default Trust View'),
+ api.env.container_views,
+ api.env.basedn)
+
+ default_trust_view_entry = [
+ 'objectclass: top',
+ 'objectclass: ipaIDView'
+ 'cn: Default Trust View',
+ 'description: Default Trust View for AD users. '
+ 'Should not be deleted.'
+ ]
+
+ # First, see if trusts are enabled on the server
+ if not self.api.Command.adtrust_is_enabled()['result']:
+ self.log.info('AD Trusts are not enabled on this server')
+ return (False, False, [])
+
+ # Second, make sure the Default Trust View does not exist yet
+ try:
+ ldap.get_entry(default_trust_view_dn)
+ except errors.NotFound:
+ pass
+ else:
+ self.log.info('Default Trust View already present on this server')
+ return (False, False, [])
+
+ # We have a server with AD trust support without Default Trust View.
+ # Create the Default Trust View entry.
+
+ updates = {}
+ updates[default_trust_view_dn] = {
+ 'dn': default_trust_view_dn,
+ 'default': default_trust_view_entry
+ }
+
+ return (False, True, [updates])
+
api.register(update_default_range)
+api.register(update_default_trust_view)
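Review bot: A comma is missing after `'objectclass: ipaIDView'` in the `default_trust_view_entry` list, so Python's implicit string-literal concatenation joins it with the next element into `'objectclass: ipaIDViewcn: Default Trust View'`. The update would then carry an object class value that is not `ipaIDView` and no `cn` attribute at all, so the Default Trust View is presumably either rejected by the directory or not created as intended on upgraded servers. The line should read `'objectclass: ipaIDView',`. The two-literal `description` element just below is an intentional concatenation; wrapping it in parentheses would make the difference between the two cases visible to the next reader.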