diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2011-10-05 17:16:05 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2011-10-09 23:44:22 -0400 |
| commit | 7bd3b3e12147b794c4cf2f4457df5e20638c7b0e (patch) | |
| tree | 1f57dd008e2edf1e2e94bb9d0b88200d8720c132 /ipaserver/install/ldapupdate.py | |
| parent | ae65c0193271b70929f8d011f2a1aa5dff99f426 (diff) | |
| download | freeipa-7bd3b3e12147b794c4cf2f4457df5e20638c7b0e.tar.gz freeipa-7bd3b3e12147b794c4cf2f4457df5e20638c7b0e.tar.xz freeipa-7bd3b3e12147b794c4cf2f4457df5e20638c7b0e.zip | |
Fix DNS permissions and membership in privileges
This resolves two issues:
1. The DNS acis lacked a prefix so weren't tied to permissions
2. The permissions were added before the privileges so the member
values weren't calculated properly
For updates we need to add in the members and recalculate memberof via
a DS task.
https://fedorahosted.org/freeipa/ticket/1898
Diffstat (limited to 'ipaserver/install/ldapupdate.py')
| -rw-r--r-- | ipaserver/install/ldapupdate.py | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py index f2f416b9c..e1f6b1f43 100644 --- a/ipaserver/install/ldapupdate.py +++ b/ipaserver/install/ldapupdate.py @@ -267,7 +267,7 @@ class LDAPUpdate: def parse_update_file(self, data, all_updates, dn_list): """Parse the update file into a dictonary of lists and apply the update for each DN in the file.""" - valid_keywords = ["default", "add", "remove", "only", "deleteentry", "replace", "addifnew"] + valid_keywords = ["default", "add", "remove", "only", "deleteentry", "replace", "addifnew", "addifexist"] update = {} d = "" index = "" @@ -533,6 +533,14 @@ class LDAPUpdate: e.append(v) logging.debug('addifnew: set %s to %s', k, e) entry.setValues(k, e) + elif utype == 'addifexist': + logging.debug("addifexist: '%s' to %s, current value %s", v, k, e) + # Only add the attribute if the entry doesn't exist. We + # determine this based on whether it has an objectclass + if entry.getValues('objectclass'): + e.append(v) + logging.debug('addifexist: set %s to %s', k, e) + entry.setValues(k, e) elif utype == 'only': logging.debug("only: set %s to '%s', current value %s", k, v, e) if only.get(k): @@ -645,7 +653,11 @@ class LDAPUpdate: # entry.orig_data = {} try: if self.live_run: - self.conn.addEntry(entry.dn, entry.toTupleList()) + if len(entry.toTupleList()) > 0: + # addifexist may result in an entry with only a + # dn defined. In that case there is nothing to do. + # It means the entry doesn't exist, so skip it. + self.conn.addEntry(entry.dn, entry.toTupleList()) self.modified = True except Exception, e: logging.error("Add failure %s", e) |