diff options
-rw-r--r-- | ACI.txt | 2 | ||||
-rw-r--r-- | API.txt | 6 | ||||
-rw-r--r-- | VERSION.m4 | 4 | ||||
-rw-r--r-- | ipaserver/plugins/idviews.py | 33 |
4 files changed, 38 insertions, 7 deletions
@@ -183,7 +183,7 @@ aci: (targetattr = "createtimestamp || description || entryusn || gecos || gidnu dn: cn=ranges,cn=etc,dc=ipa,dc=example aci: (targetattr = "cn || createtimestamp || entryusn || ipabaseid || ipabaserid || ipaidrangesize || ipanttrusteddomainsid || iparangetype || ipasecondarybaserid || modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaidrange)")(version 3.0;acl "permission:System: Read ID Ranges";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=views,cn=accounts,dc=ipa,dc=example -aci: (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || objectclass")(targetfilter = "(objectclass=nsContainer)")(version 3.0;acl "permission:System: Read ID Views";allow (compare,read,search) userdn = "ldap:///all";) +aci: (targetattr = "cn || createtimestamp || description || entryusn || ipadomainresolutionorder || modifytimestamp || objectclass")(targetfilter = "(objectclass=nsContainer)")(version 3.0;acl "permission:System: Read ID Views";allow (compare,read,search) userdn = "ldap:///all";) dn: cn=IPA.EXAMPLE,cn=kerberos,dc=ipa,dc=example aci: (targetattr = "createtimestamp || entryusn || krbdefaultencsalttypes || krbmaxrenewableage || krbmaxticketlife || krbsupportedencsalttypes || modifytimestamp || objectclass")(targetfilter = "(objectclass=krbticketpolicyaux)")(version 3.0;acl "permission:System: Read Default Kerberos Ticket Policy";allow (compare,read,search) groupdn = "ldap:///cn=System: Read Default Kerberos Ticket Policy,cn=permissions,cn=pbac,dc=ipa,dc=example";) dn: cn=users,cn=accounts,dc=ipa,dc=example @@ -3038,11 +3038,12 @@ output: Entry('result') output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>]) output: PrimaryKey('value') command: idview_add/1 -args: 1,6,3 +args: 1,7,3 arg: Str('cn', cli_name='name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', cli_name='desc') +option: Str('ipadomainresolutionorder?', cli_name='domain_resolution_order') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('setattr*', cli_name='setattr') option: Str('version?') @@ -3083,12 +3084,13 @@ output: ListOfEntries('result') output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>]) output: Output('truncated', type=[<type 'bool'>]) command: idview_mod/1 -args: 1,9,3 +args: 1,10,3 arg: Str('cn', cli_name='name') option: Str('addattr*', cli_name='addattr') option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('delattr*', cli_name='delattr') option: Str('description?', autofill=False, cli_name='desc') +option: Str('ipadomainresolutionorder?', autofill=False, cli_name='domain_resolution_order') option: Flag('raw', autofill=True, cli_name='raw', default=False) option: Str('rename?', cli_name='rename') option: Flag('rights', autofill=True, default=False) diff --git a/VERSION.m4 b/VERSION.m4 index 9766c749b..cfac2a96d 100644 --- a/VERSION.m4 +++ b/VERSION.m4 @@ -73,8 +73,8 @@ define(IPA_DATA_VERSION, 20100614120000) # # ######################################################## define(IPA_API_VERSION_MAJOR, 2) -define(IPA_API_VERSION_MINOR, 222) ->>>>>>> ipaconfig: add the ability to manipulate domain resolution order +define(IPA_API_VERSION_MINOR, 223) +# Last change: Add domain resolution order to ID views ######################################################## diff --git a/ipaserver/plugins/idviews.py b/ipaserver/plugins/idviews.py index b38a4ad17..732043283 100644 --- a/ipaserver/plugins/idviews.py +++ b/ipaserver/plugins/idviews.py @@ -95,7 +95,8 @@ class idview(LDAPObject): object_name = _('ID View') object_name_plural = _('ID Views') object_class = ['ipaIDView', 'top'] - default_attributes = ['cn', 'description'] + possible_objectclasses = ['ipaNameResolutionData'] + default_attributes = ['cn', 'description', 'ipadomainresolutionorder'] rdn_is_primary_key = True label = _('ID Views') @@ -123,6 +124,14 @@ class idview(LDAPObject): label=_('Hosts the view applies to'), flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'}, ), + Str( + 'ipadomainresolutionorder?', + cli_name='domain_resolution_order', + label=_('Domain resolution order'), + doc=_('colon-separated list of domains used for short name' + ' qualification'), + flags={'no_search'} + ) ) permission_filter_objectclasses = ['nsContainer'] @@ -131,17 +140,34 @@ class idview(LDAPObject): 'ipapermbindruletype': 'all', 'ipapermright': {'read', 'search', 'compare'}, 'ipapermdefaultattr': { - 'cn', 'description', 'objectClass', + 'cn', 'description', 'ipadomainresolutionorder', 'objectClass', }, }, } + def ensure_possible_objectclasses(self, ldap, dn, entry_attrs): + orig_entry_attrs = ldap.get_entry(dn, ['objectclass']) + + orig_objectclasses = { + o.lower() for o in orig_entry_attrs.get('objectclass', [])} + + entry_attrs['objectclass'] = orig_entry_attrs['objectclass'] + + for obj_class_name in self.possible_objectclasses: + if obj_class_name.lower() not in orig_objectclasses: + entry_attrs['objectclass'].append(obj_class_name) + @register() class idview_add(LDAPCreate): __doc__ = _('Add a new ID View.') msg_summary = _('Added ID View "%(value)s"') + def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): + self.api.Object.config.validate_domain_resolution_order(entry_attrs) + + return dn + @register() class idview_del(LDAPDelete): @@ -166,6 +192,9 @@ class idview_mod(LDAPUpdate): if key.lower() == DEFAULT_TRUST_VIEW_NAME: raise protected_default_trust_view_error + self.api.Object.config.validate_domain_resolution_order(entry_attrs) + self.obj.ensure_possible_objectclasses(ldap, dn, entry_attrs) + return dn |