On 13.9.2013 09:21, Jan Cholasta wrote:
Hi,
On 12.9.2013 22:48, Nathaniel McCallum wrote:
On Thu, 2013-09-05 at 00:06 -0400, Nathaniel McCallum wrote:
patch attached
Update for ./makeapi attached.
+ if 'ipatokenradiusconfiglink' in entry_attrs:
+ cl = entry_attrs['ipatokenradiusconfiglink']
+ if not cl:
+ entry_attrs['ipatokenradiususername'] = None
+ if 'ipatokenradiusproxyuser' in
entry_attrs['objectclass']:
+ entry_attrs['objectclass'].remove('ipatokenradiusproxyuser')
Is there are particular reason to remove the object class? I think you
can just leave it there, that is what we do in other plugins.
+ else:
+ if 'ipatokenradiusproxyuser' not in
entry_attrs['objectclass']:
+ entry_attrs['objectclass'].append('ipatokenradiusproxyuser')
+
+ answer = self.api.Command.radius_show(cl)
+ entry_attrs['ipatokenradiusconfiglink'] =
answer['result']['dn']
Please use self.api.Object.radius.get_dn_if_exists(cl) to get the DN
instead of radius_show.
The whole code block should be added to user_add as well.
+ radius = options.get('ipatokenradiusconfiglink', None)
+ if radius is not None:
+ answer = self.api.Command.radius_show(radius)
+ filter = filter.replace('(ipatokenradiusconfiglink=%s)' %
radius,
+ '(ipatokenradiusconfiglink=%s)' %
answer['result']['dn'])
Again, use get_dn_if_exists instead of radius_show to get the DN.
As for the filter processing, I think it would be safer to override
args_options_2_entry in user_find and do it in there:
def args_options_2_entry(self, *keys, **options):
if 'ipatokenradiusconfiglink' in options:
options['ipatokenradiusconfiglink'] =
self.api.Object.radius.get_dn(options['ipatokenradiusconfiglink'])
return super(user_find, self).args_options_2_entry(
... or you can do this in user_find.execute, as there already is
something similar done for the "manager" attribute.
Honza
BTW, I think you should configure the referential integrity plugin so
that when a radius object is deleted, all ipatokenradiusconfiglink's to
it are deleted as well.
Honza
--
Jan Cholasta
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel