On 10/29/2013 02:04 PM, Simo Sorce wrote:
> On Tue, 2013-10-29 at 12:42 +0100, Martin Kosek wrote:
>> On 10/29/2013 10:49 AM, Ana Krivokapic wrote:
>>> Hello,
>>>
>>> Patch 0080 adds userClass attribute for users to IPA CLI.
>>> Patch 0081 adds userClass attribute for users and hosts to the web UI.
>>>
>>> Design page:
>>> http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems
>>>
>>> Tickets:
>>> https://fedorahosted.org/freeipa/ticket/3588
>>> https://fedorahosted.org/freeipa/ticket/3590
>> NACK to just extending posixAccount objectclass. This is a standard
>> objectclass defined by RFC 2307 and we cannot just simply extend and
>> overwrite it as we wish.
> Uhh indeed this is a big No-no.
>
>> We will need to come up with some custom objectclass, like ipaUser. This is
>> the reason why I wrote to ticket "A second goal of this ticket is to review
>> current objectClass hierarchy of users and do changes if needed." so that we
>> can pick the best option where to place it.
> userClass is used in ipaHost, so I guess it could instead be added to an
> ipa objectclass. ipaObject might be used perhaps, otherwise we'll need a
> new ipaUser objectclass.
>
> Simo.
>

If there are no objections to using the ipaObject objectclass, the attached
patches implement this approach.

Also, the schema change has been added to the appropriate .ldif file, and the
adder dialogs in the web UI have been extended to support the new userclass
attribute.

-- 
Regards,

Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.

From 02b116d8a5fe2ff2e47d7a6ebc227564c6244fbe Mon Sep 17 00:00:00 2001
From: Ana Krivokapic <akriv...@redhat.com>
Date: Fri, 25 Oct 2013 16:31:50 +0200
Subject: [PATCH] WebUI: Add userClass attribute to user and host pages

Add userClass attribute to:
- user and host adder dialogs
- user and host detail facets

Design page: http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems
https://fedorahosted.org/freeipa/ticket/3590
---
 install/ui/src/freeipa/host.js | 2 ++
 install/ui/src/freeipa/user.js | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/install/ui/src/freeipa/host.js b/install/ui/src/freeipa/host.js
index f5007538e8ad1ea2e372c194b129f6c668d31b3e..460a19a9cda9a7d1d4457bb19f306dd88df8ceac 100644
--- a/install/ui/src/freeipa/host.js
+++ b/install/ui/src/freeipa/host.js
@@ -82,6 +82,7 @@ return {
                             $type: 'textarea',
                             name: 'description'
                         },
+                        'userclass',
                         'l',
                         'nshostlocation',
                         'nshardwareplatform',
@@ -234,6 +235,7 @@ return {
             {
                 name: 'other',
                 fields: [
+                    'userclass',
                     {
                         name: 'ip_address',
                         validators: [ 'ip_address' ],
diff --git a/install/ui/src/freeipa/user.js b/install/ui/src/freeipa/user.js
index 61bdb43b4ee7d23a5d118c4f29ff81e3b9f56fa1..aeeb52ea6f2bca883a656a8249386b9692711a10 100644
--- a/install/ui/src/freeipa/user.js
+++ b/install/ui/src/freeipa/user.js
@@ -103,7 +103,8 @@ return {
                         'cn',
                         'displayname',
                         'initials',
-                        'gecos'
+                        'gecos',
+                        'userclass'
                     ]
                 },
                 {
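Review bot: 'userclass' is added to this field list as a bare name with no $type, while the companion CLI patch declares the option with multivalue=True in API.txt. An entry that holds several userClass values may not be shown or edited correctly with the default field; consider giving the field an explicit multivalued spec here and in the host.js details section, in the same way host.js gives 'description' an explicit $type.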
@@ -306,7 +307,8 @@ return {
                         required: false
                     },
                     'givenname',
-                    'sn'
+                    'sn',
+                    'userclass'
                 ]
             },
             {
-- 
1.8.3.1

From d91df80c081e5c766bae017acb8271a024534b4f Mon Sep 17 00:00:00 2001
From: Ana Krivokapic <akriv...@redhat.com>
Date: Fri, 25 Oct 2013 16:29:26 +0200
Subject: [PATCH] Add userClass attribute for users

This new freeform user attribute will allow provisioning systems
to add custom tags for user objects which can be later used for
automember rules or for additional local interpretation.

Design page: http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems
https://fedorahosted.org/freeipa/ticket/3588
---
 API.txt                                  |  9 ++++++---
 VERSION                                  |  2 +-
 install/share/60basev2.ldif              |  2 +-
 install/updates/10-60basev3.update       |  1 +
 ipalib/plugins/user.py                   |  8 +++++++-
 ipatests/test_xmlrpc/test_user_plugin.py | 33 +++++++++++++++++++++++++++++---
 6 files changed, 46 insertions(+), 9 deletions(-)

diff --git a/API.txt b/API.txt
index 40871f6a8b105a7b161df34ce4f6feaf785a6107..feb7f27de1ae2b1e9b4582bf225c50ab8035e595 100644
--- a/API.txt
+++ b/API.txt
@@ -3586,7 +3586,7 @@ command: trustdomain_mod
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('value', <type 'unicode'>, None)
 command: user_add
-args: 1,35,3
+args: 1,36,3
 arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, required=True)
 option: Str('addattr*', cli_name='addattr', exclude='webui')
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
@@ -3621,6 +3621,7 @@ command: user_add
 option: Str('telephonenumber', attribute=True, cli_name='phone', multivalue=True, required=False)
 option: Str('title', attribute=True, cli_name='title', multivalue=False, required=False)
 option: Int('uidnumber', attribute=True, cli_name='uid', minvalue=1, multivalue=False, required=False)
+option: Str('userclass', attribute=True, cli_name='class', multivalue=True, required=False)
 option: Password('userpassword', attribute=True, cli_name='password', exclude='webui', multivalue=False, required=False)
 option: Str('version?', exclude='webui')
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
@@ -3649,7 +3650,7 @@ command: user_enable
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('value', <type 'unicode'>, None)
 command: user_find
-args: 1,45,4
+args: 1,46,4
 arg: Str('criteria?', noextrawhitespace=False)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Str('carlicense', attribute=True, autofill=False, cli_name='carlicense', multivalue=False, query=True, required=False)
@@ -3693,6 +3694,7 @@ command: user_find
 option: Str('title', attribute=True, autofill=False, cli_name='title', multivalue=False, query=True, required=False)
 option: Str('uid', attribute=True, autofill=False, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, query=True, required=False)
 option: Int('uidnumber', attribute=True, autofill=False, cli_name='uid', minvalue=1, multivalue=False, query=True, required=False)
+option: Str('userclass', attribute=True, autofill=False, cli_name='class', multivalue=True, query=True, required=False)
 option: Password('userpassword', attribute=True, autofill=False, cli_name='password', exclude='webui', multivalue=False, query=True, required=False)
 option: Str('version?', exclude='webui')
 option: Flag('whoami', autofill=True, default=False)
@@ -3701,7 +3703,7 @@ command: user_find
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('truncated', <type 'bool'>, None)
 command: user_mod
-args: 1,36,3
+args: 1,37,3
 arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, query=True, required=True)
 option: Str('addattr*', cli_name='addattr', exclude='webui')
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
@@ -3737,6 +3739,7 @@ command: user_mod
 option: Str('telephonenumber', attribute=True, autofill=False, cli_name='phone', multivalue=True, required=False)
 option: Str('title', attribute=True, autofill=False, cli_name='title', multivalue=False, required=False)
 option: Int('uidnumber', attribute=True, autofill=False, cli_name='uid', minvalue=1, multivalue=False, required=False)
+option: Str('userclass', attribute=True, autofill=False, cli_name='class', multivalue=True, required=False)
 option: Password('userpassword', attribute=True, autofill=False, cli_name='password', exclude='webui', multivalue=False, required=False)
 option: Str('version?', exclude='webui')
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
diff --git a/VERSION b/VERSION
index c3c6d5a4c28991839a1917f18d2804475a16bcb7..32f6efbc4d4768c77c514a3367cb9feb039205e5 100644
--- a/VERSION
+++ b/VERSION
@@ -89,4 +89,4 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=65
+IPA_API_VERSION_MINOR=66
diff --git a/install/share/60basev2.ldif b/install/share/60basev2.ldif
index 8e7174c10ddf73194bfbe634ff34c8c3fd25e264..c1d78f40eaf3370c8a6ebee3e020f4658c0a4292 100644
--- a/install/share/60basev2.ldif
+++ b/install/share/60basev2.ldif
@@ -14,7 +14,7 @@ dn: cn=schema
 # a v2 objectClass so needs to be here.
 attributeTypes: (2.16.840.1.113730.3.8.11.37 NAME 'ipaKrbAuthzData' DESC 'type of PAC preferred by a service' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v3' )
 objectClasses: (2.16.840.1.113730.3.8.4.1 NAME 'ipaHost' AUXILIARY MUST ( fqdn ) MAY ( userPassword $ ipaClientVersion $ enrolledBy $ memberOf $ userClass ) X-ORIGIN 'IPA v2' )
-objectClasses: (2.16.840.1.113730.3.8.4.12 NAME 'ipaObject' DESC 'IPA objectclass' AUXILIARY MUST ( ipaUniqueId ) X-ORIGIN 'IPA v2' )
+objectClasses: (2.16.840.1.113730.3.8.4.12 NAME 'ipaObject' DESC 'IPA objectclass' AUXILIARY MUST ( ipaUniqueId ) MAY ( userClass ) X-ORIGIN 'IPA v2' )
 objectClasses: (2.16.840.1.113730.3.8.4.14 NAME 'ipaEntitlement' DESC 'IPA Entitlement object' AUXILIARY MUST ( ipaEntitlementId ) MAY ( userPKCS12 $ userCertificate ) X-ORIGIN 'IPA v2' )
 objectClasses: (2.16.840.1.113730.3.8.4.15 NAME 'ipaPermission' DESC 'IPA Permission objectclass' AUXILIARY MAY ( ipaPermissionType ) X-ORIGIN 'IPA v2' )
 objectClasses: (2.16.840.1.113730.3.8.4.2 NAME 'ipaService' DESC 'IPA service objectclass' AUXILIARY MAY ( memberOf $ managedBy $ ipaKrbAuthzData) X-ORIGIN 'IPA v2' )
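Review bot: adding MAY ( userClass ) to ipaObject makes the attribute legal on every entry that carries this auxiliary class, not only on users, and the ipaHost definition directly above already allows userClass on its own. If the broad scope is intended, record that in the commit message, which currently speaks only of a user attribute; if it is not, a dedicated user objectclass as raised in the thread would keep the change narrower.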
diff --git a/install/updates/10-60basev3.update b/install/updates/10-60basev3.update
index 476fa3ba5b194036e33fe7c8dd395bd42e243fb3..f967a56c7701a36258faa2a832afecf483843104 100644
--- a/install/updates/10-60basev3.update
+++ b/install/updates/10-60basev3.update
@@ -13,6 +13,7 @@ dn: cn=schema
 add:attributeTypes: (2.16.840.1.113730.3.8.11.1 NAME 'ipaExternalMember' DESC 'External Group Member Identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v3' )
 add:objectClasses: (2.16.840.1.113730.3.8.12.1 NAME 'ipaExternalGroup' SUP top STRUCTURAL MUST ( cn ) MAY ( ipaExternalMember $$ memberOf $$ description $$ owner) X-ORIGIN 'IPA v3' )
 replace:objectClasses: (2.16.840.1.113730.3.8.4.1 NAME 'ipaHost' AUXILIARY MUST ( fqdn ) MAY ( userPassword $$ ipaClientVersion $$ enrolledBy $$ memberOf ) X-ORIGIN 'IPA v2' )::(2.16.840.1.113730.3.8.4.1 NAME 'ipaHost' AUXILIARY MUST ( fqdn ) MAY ( userPassword $$ ipaClientVersion $$ enrolledBy $$ memberOf $$ userClass ) X-ORIGIN 'IPA v2' )
+replace:objectClasses: (2.16.840.1.113730.3.8.4.12 NAME 'ipaObject' DESC 'IPA objectclass' AUXILIARY MUST ( ipaUniqueId ) X-ORIGIN 'IPA v2' )::(2.16.840.1.113730.3.8.4.12 NAME 'ipaObject' DESC 'IPA objectclass' AUXILIARY MUST ( ipaUniqueId ) MAY ( userClass ) X-ORIGIN 'IPA v2' )
 
 # Fix dc syntax (RFC 2247)
 replace:attributeTypes:"( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) DESC 'Standard LDAP attribute type' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2247' )::( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) DESC 'Standard LDAP attribute type' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'RFC 2247' )"
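Review bot: the added replace: line for ipaObject relies on the old definition before the :: being the one the server actually holds, and on the new definition staying identical to the one in 60basev2.ldif. Please confirm with an upgrade test from an older release that the entry ends up with exactly one ipaObject definition carrying MAY ( userClass ).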
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 471981f48204209753eda2fb994d4c653dca0fa2..11d4a726cddeb58c080aa40444e14cdfa28d8a91 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -205,7 +205,7 @@ class user(LDAPObject):
         'uid', 'givenname', 'sn', 'homedirectory', 'loginshell',
         'uidnumber', 'gidnumber', 'mail', 'ou',
         'telephonenumber', 'title', 'memberof', 'nsaccountlock',
-        'memberofindirect',
+        'memberofindirect', 'userclass',
     ]
     search_display_attributes = [
         'uid', 'givenname', 'sn', 'homedirectory', 'loginshell',
@@ -365,6 +365,12 @@ class user(LDAPObject):
             csv=True,
             flags=['no_search'],
         ),
+        Str('userclass*',
+            cli_name='class',
+            label=_('Class'),
+            doc=_('User category (semantics placed on this attribute are for '
+                  'local interpretation)'),
+        ),
     )
 
     def _normalize_and_validate_email(self, email, config=None):
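Review bot: the new Str('userclass*') parameter has no maxlength or pattern, and the commit message says its values may later be used for automember rules, so whoever can write this attribute can influence group membership. The patch touches no ACI or permission, so please state which existing permission covers writes to userClass on user entries and confirm that users cannot change it on their own entry through self-service.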
diff --git a/ipatests/test_xmlrpc/test_user_plugin.py b/ipatests/test_xmlrpc/test_user_plugin.py
index 9df5d5d5b6b0b27c9330179b2300f77f9f0f9f4b..f4cdcb3640ba009aa3c9854a9bcf226bf0a89b9f 100644
--- a/ipatests/test_xmlrpc/test_user_plugin.py
+++ b/ipatests/test_xmlrpc/test_user_plugin.py
@@ -188,12 +188,24 @@ class test_user(Declarative):
         dict(
             desc='Create "%s"' % user1,
             command=(
-                'user_add', [user1], dict(givenname=u'Test', sn=u'User1')
+                'user_add',
+                [user1],
+                dict(
+                    givenname=u'Test',
+                    sn=u'User1',
+                    userclass=u'testusers'
+                )
             ),
             expected=dict(
                 value=user1,
                 summary=u'Added user "%s"' % user1,
-                result=get_user_result(user1, u'Test', u'User1', 'add'),
+                result=get_user_result(
+                    user1,
+                    u'Test',
+                    u'User1',
+                    'add',
+                    userclass=[u'testusers']
+                ),
             ),
             extra_check = upg_check,
         ),
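Review bot: the create case passes userclass as a single string, u'testusers', although the option is declared multivalue=True in API.txt. Add a case that sets two values and checks that both come back in the result list.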
@@ -215,12 +227,27 @@ class test_user(Declarative):
                 'user_show', [user1], {}
             ),
             expected=dict(
-                result=get_user_result(user1, u'Test', u'User1', 'show'),
+                result=get_user_result(
+                    user1,
+                    u'Test',
+                    u'User1',
+                    'show',
+                    userclass=[u'testusers']
+                ),
                 value=user1,
                 summary=None,
             ),
         ),
 
+        dict(
+            desc='Remove userclass for user "%s"' % user1,
+            command=('user_mod', [user1], dict(userclass=u'')),
+            expected=dict(
+                result=get_user_result(user1, u'Test', u'User1', 'mod'),
+                value=user1,
+                summary=u'Modified user "%s"' % user1,
+            ),
+        ),
 
         dict(
             desc='Search for "%s" with all=True' % user1,
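Review bot: the new 'Remove userclass' case covers user_mod, but nothing exercises the userclass option that API.txt adds to user_find with query=True. A user_find case filtering on userclass=u'testusers', placed before this removal step, would cover it.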
-- 
1.8.3.1
