patch attached
>From 757436ccc431d26a3e62de830dad0b107a6c48ff Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum <npmccal...@redhat.com>
Date: Wed, 4 Sep 2013 23:35:36 -0400
Subject: [PATCH] Add support for managing user auth types

https://fedorahosted.org/freeipa/ticket/3368
---
 ipalib/plugins/config.py | 16 ++++++++++++++++
 ipalib/plugins/user.py   | 32 ++++++++++++++++++++++----------
 2 files changed, 38 insertions(+), 10 deletions(-)

diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py
index b9cf05016bf80cd48134cca5a50cdca7db423ca9..692ca22db70eb9a81a49eab6dc1e23284c8a9946 100644
--- a/ipalib/plugins/config.py
+++ b/ipalib/plugins/config.py
@@ -92,6 +92,7 @@ class config(LDAPObject):
         'ipamigrationenabled', 'ipacertificatesubjectbase',
         'ipapwdexpadvnotify', 'ipaselinuxusermaporder',
         'ipaselinuxusermapdefault', 'ipaconfigstring', 'ipakrbauthzdata',
+        'ipauserauthtype'
     ]
 
     label = _('Configuration')
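Review bot: The new last element `'ipauserauthtype'` is added without a trailing comma, while the entry before it kept one. In a list of string literals a missing comma before the next appended item silently concatenates the two names into one attribute, so I would write it as `'ipauserauthtype',`. The same applies to `'memberofindirect', 'ipauserauthtype'` in the `default_attributes` hunk of user.py.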
@@ -197,6 +198,13 @@ class config(LDAPObject):
             values=(u'MS-PAC', u'PAD', u'nfs:NONE'),
             csv=True,
         ),
+        StrEnum('ipauserauthtype*',
+            cli_name='user_auth_type',
+            label=_('Default user authentication types'),
+            doc=_('Default types of supported user authentication'),
+            values=(u'password',),
+            csv=True,
+        ),
     )
 
     def get_dn(self, *keys, **kwargs):
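Review bot: The `values=(u'password',)` tuple in this `StrEnum('ipauserauthtype*', ...)` is repeated verbatim in the parameter of the same name added to user.py, so the global default and the per-user setting can drift apart when an auth type is later added to only one of them. A single shared tuple referenced from both definitions, for example `values=USER_AUTH_TYPES,` (suggested name), would keep the accepted set identical. The `doc=` text also does not say how the per-user value relates to this default (replace or combine). Since the attribute decides which authentication methods are accepted, one sentence stating that would help administrators.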
@@ -210,6 +218,14 @@ class config_mod(LDAPUpdate):
 
     def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
         assert isinstance(dn, DN)
+        
+        if 'ipauserauthtype' in entry_attrs:
+            if 'objectclass' not in entry_attrs:
+                (_dn, _entry_attrs) = ldap.get_entry(dn, ['objectclass'])
+                entry_attrs['objectclass'] = _entry_attrs['objectclass']
+            if 'ipauserauthtypeclass' not in entry_attrs['objectclass']:
+                entry_attrs['objectclass'].append('ipauserauthtypeclass')
+
         if 'ipadefaultprimarygroup' in entry_attrs:
             group=entry_attrs['ipadefaultprimarygroup']
             try:
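Review bot: The membership test `'ipauserauthtypeclass' not in entry_attrs['objectclass']` is case-sensitive, but objectclass values are matched case-insensitively by the directory and may come back from `ldap.get_entry` in their schema casing. If that happens the class is appended a second time under a different spelling, and the modify could be rejected or carry a duplicate value. Comparing on lowercased values avoids this: `if 'ipauserauthtypeclass' not in [oc.lower() for oc in entry_attrs['objectclass']]:`. The two objectclass tests in the `user_mod.pre_callback` hunk of user.py have the same shape. The added blank line after the `assert` also carries trailing whitespace, and `pre_callback` continues past the end of this hunk.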
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 471981f48204209753eda2fb994d4c653dca0fa2..02f62120d281a873dfd9c21e1b855b112cca05a4 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -24,7 +24,7 @@ import posixpath
 import os
 
 from ipalib import api, errors
-from ipalib import Flag, Int, Password, Str, Bool
+from ipalib import Flag, Int, Password, Str, Bool, StrEnum
 from ipalib.plugins.baseldap import *
 from ipalib.plugins import baseldap
 from ipalib.request import context
@@ -198,14 +198,14 @@ class user(LDAPObject):
     object_name_plural = _('users')
     object_class = ['posixaccount']
     object_class_config = 'ipauserobjectclasses'
-    possible_objectclasses = ['meporiginentry']
+    possible_objectclasses = ['meporiginentry', 'ipauserauthtypeclass']
     disallow_object_classes = ['krbticketpolicyaux']
     search_attributes_config = 'ipausersearchfields'
     default_attributes = [
         'uid', 'givenname', 'sn', 'homedirectory', 'loginshell',
         'uidnumber', 'gidnumber', 'mail', 'ou',
         'telephonenumber', 'title', 'memberof', 'nsaccountlock',
-        'memberofindirect',
+        'memberofindirect', 'ipauserauthtype'
     ]
     search_display_attributes = [
         'uid', 'givenname', 'sn', 'homedirectory', 'loginshell',
@@ -365,6 +365,13 @@ class user(LDAPObject):
             csv=True,
             flags=['no_search'],
         ),
+        StrEnum('ipauserauthtype*',
+            cli_name='user_auth_type',
+            label=_('User authentication types'),
+            doc=_('Types of supported user authentication'),
+            values=(u'password',),
+            csv=True,
+        ),
     )
 
     def _normalize_and_validate_email(self, email, config=None):
@@ -633,14 +640,19 @@ class user_mod(LDAPUpdate):
             entry_attrs['userpassword'] = ipa_generate_password(user_pwdchars)
             # save the password so it can be displayed in post_callback
             setattr(context, 'randompassword', entry_attrs['userpassword'])
+        
+        if 'objectclass' not in entry_attrs:
+            (_dn, _entry_attrs) = ldap.get_entry(dn, ['objectclass'])
+            entry_attrs['objectclass'] = _entry_attrs['objectclass']
+        
         if 'ipasshpubkey' in entry_attrs:
-            if 'objectclass' in entry_attrs:
-                obj_classes = entry_attrs['objectclass']
-            else:
-                (_dn, _entry_attrs) = ldap.get_entry(dn, ['objectclass'])
-                obj_classes = entry_attrs['objectclass'] = _entry_attrs['objectclass']
-            if 'ipasshuser' not in obj_classes:
-                obj_classes.append('ipasshuser')
+            if 'ipasshuser' not in entry_attrs['objectclass']:
+                entry_attrs['objectclass'].append('ipasshuser')
+                
+        if 'ipauserauthtype' in entry_attrs:
+            if 'ipauserauthtypeclass' not in entry_attrs['objectclass']:
+                entry_attrs['objectclass'].append('ipauserauthtypeclass')
+        
         return dn
 
     def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
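Review bot: The objectclass lookup is now unconditional, so every `user_mod` call makes an extra `ldap.get_entry` round trip and puts `objectclass` into `entry_attrs`, even when neither `ipasshpubkey` nor `ipauserauthtype` is being changed. Before this patch the fetch happened only inside the `ipasshpubkey` branch. Guarding it keeps unrelated modifications from touching objectclass: `if ('ipasshpubkey' in entry_attrs or 'ipauserauthtype' in entry_attrs) and 'objectclass' not in entry_attrs:`. The added blank lines in this hunk contain trailing whitespace, and the body of `pre_callback` starts before the hunk.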
-- 
1.8.3.1
