Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
On 06/07/2013 05:44 PM, Alexander Bokovoy wrote: On Fri, 07 Jun 2013, Tomas Babej wrote: On 06/07/2013 03:41 PM, Alexander Bokovoy wrote: Hi, in patch 0061: On Fri, 07 Jun 2013, Tomas Babej wrote: +range_types = { +u'ipa-local': unicode(_(u'local domain range')), +u'ipa-ad-winsync': unicode(_('Active Directory winsync range')), +u'ipa-ad-trust': unicode(_('Active Directory domain range')), +u'ipa-ad-trust-posix': unicode(_('Active Directory trust range with ' +'POSIX attributes')), +u'ipa-ipa-trust': unicode(_('IPA trust range')), + } Why there is _(u'local domain range') and then others without Unicode strings? Either way is fine but there should be consistency. Sure, fixed. The rest of this patch would be much shorter if there wouldn't additional whitespace. Could you please git rid of that? Whitespaces are intentional, these are fixes for PEP8 E302 errors. If they are intentional, please send them as separate patch. Sending the whole patchset updated. Please split the whitespace fixes from the functional ones. No problem, patches split. Tomas From e930e4a6e1beba76bb3ac82b4efb69675713c3cf Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Mon, 10 Jun 2013 10:45:04 +0200 Subject: [PATCH 64/64] PEP8 fixes in idrange.py --- ipalib/plugins/idrange.py | 25 + 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py index 257730986afe66741cd324649fc1953fa7310330..abca492978d04c71b78a89df8e5c2d1d51c06398 100644 --- a/ipalib/plugins/idrange.py +++ b/ipalib/plugins/idrange.py @@ -150,6 +150,7 @@ IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to be modified to match the new range. ) + class idrange(LDAPObject): Range object. @@ -230,7 +231,8 @@ class idrange(LDAPObject): if not options.get('all', False) or options.get('pkey_only', False): entry_attrs.pop('objectclass', None) -def check_ids_in_modified_range(self, old_base, old_size, new_base, new_size): +def check_ids_in_modified_range(self, old_base, old_size, new_base, +new_size): if new_base is None and new_size is None: # nothing to check return @@ -243,12 +245,12 @@ class idrange(LDAPObject): checked_intervals = [] low_diff = new_interval[0] - old_interval[0] if low_diff 0: -checked_intervals.append( -(old_interval[0], min(old_interval[1], new_interval[0] - 1))) +checked_intervals.append((old_interval[0], +min(old_interval[1], new_interval[0] - 1))) high_diff = old_interval[1] - new_interval[1] if high_diff 0: -checked_intervals.append( -(max(old_interval[0], new_interval[1] + 1), old_interval[1])) +checked_intervals.append((max(old_interval[0], new_interval[1] + 1), + old_interval[1])) if not checked_intervals: # range is equal or covers the entire old range, nothing to check @@ -458,7 +460,8 @@ class idrange_add(LDAPCreate): 'be used together')) # Validate SID as the one of trusted domains -self.obj.validate_trusted_domain_sid(entry_attrs['ipanttrusteddomainsid']) +self.obj.validate_trusted_domain_sid( +entry_attrs['ipanttrusteddomainsid']) # ipaNTTrustedDomainSID attribute not set, this is local domain range else: @@ -500,6 +503,7 @@ class idrange_add(LDAPCreate): keep_objectclass=True) return dn + class idrange_del(LDAPDelete): __doc__ = _('Delete an ID range.') @@ -534,6 +538,7 @@ class idrange_del(LDAPDelete): return dn + class idrange_find(LDAPSearch): __doc__ = _('Search for ranges.') @@ -543,7 +548,8 @@ class idrange_find(LDAPSearch): # Since all range types are stored within separate containers under # 'cn=ranges,cn=etc' search can be done on a one-level scope -def pre_callback(self, ldap, filters, attrs_list, base_dn, scope, *args, **options): +def pre_callback(self, ldap, filters, attrs_list, base_dn, scope, *args, + **options): assert isinstance(base_dn, DN) attrs_list.append('objectclass') return (filters, base_dn, ldap.SCOPE_ONELEVEL) @@ -553,6 +559,7 @@ class idrange_find(LDAPSearch): self.obj.handle_iparangetype(entry, options) return truncated + class idrange_show(LDAPRetrieve): __doc__ = _('Display information about a range.') @@ -566,6 +573,7 @@ class idrange_show(LDAPRetrieve): self.obj.handle_iparangetype(entry_attrs, options)
Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
On Mon, 10 Jun 2013, Tomas Babej wrote: On 06/07/2013 05:44 PM, Alexander Bokovoy wrote: On Fri, 07 Jun 2013, Tomas Babej wrote: On 06/07/2013 03:41 PM, Alexander Bokovoy wrote: Hi, in patch 0061: On Fri, 07 Jun 2013, Tomas Babej wrote: +range_types = { +u'ipa-local': unicode(_(u'local domain range')), +u'ipa-ad-winsync': unicode(_('Active Directory winsync range')), +u'ipa-ad-trust': unicode(_('Active Directory domain range')), +u'ipa-ad-trust-posix': unicode(_('Active Directory trust range with ' +'POSIX attributes')), +u'ipa-ipa-trust': unicode(_('IPA trust range')), + } Why there is _(u'local domain range') and then others without Unicode strings? Either way is fine but there should be consistency. Sure, fixed. The rest of this patch would be much shorter if there wouldn't additional whitespace. Could you please git rid of that? Whitespaces are intentional, these are fixes for PEP8 E302 errors. If they are intentional, please send them as separate patch. Sending the whole patchset updated. Please split the whitespace fixes from the functional ones. No problem, patches split. Thanks. ACK, pushed to master. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
On 06/10/2013 10:52 AM, Tomas Babej wrote: On 06/07/2013 05:44 PM, Alexander Bokovoy wrote: On Fri, 07 Jun 2013, Tomas Babej wrote: On 06/07/2013 03:41 PM, Alexander Bokovoy wrote: Hi, in patch 0061: On Fri, 07 Jun 2013, Tomas Babej wrote: +range_types = { +u'ipa-local': unicode(_(u'local domain range')), +u'ipa-ad-winsync': unicode(_('Active Directory winsync range')), +u'ipa-ad-trust': unicode(_('Active Directory domain range')), +u'ipa-ad-trust-posix': unicode(_('Active Directory trust range with ' +'POSIX attributes')), +u'ipa-ipa-trust': unicode(_('IPA trust range')), + } Why there is _(u'local domain range') and then others without Unicode strings? Either way is fine but there should be consistency. Sure, fixed. The rest of this patch would be much shorter if there wouldn't additional whitespace. Could you please git rid of that? Whitespaces are intentional, these are fixes for PEP8 E302 errors. If they are intentional, please send them as separate patch. Sending the whole patchset updated. Please split the whitespace fixes from the functional ones. No problem, patches split. Tomas Hello, I got a test failure, most likely caused by this patch. In test_range_plugin.py, there are some manually added ranges without the new required attribute. Traceback (most recent call last): File /usr/lib/python2.7/site-packages/nose/suite.py, line 208, in run self.setUp() File /usr/lib/python2.7/site-packages/nose/suite.py, line 291, in setUp self.setupContext(ancestor) File /usr/lib/python2.7/site-packages/nose/suite.py, line 314, in setupContext try_run(context, names) File /usr/lib/python2.7/site-packages/nose/util.py, line 469, in try_run return func() File /var/lib/jenkins/workspace/install-and-make-test/tests/test_xmlrpc/test_range_plugin.py, line 159, in setUpClass self.add_entry(testrange9_dn, testrange9_add) File /var/lib/jenkins/workspace/install-and-make-test/tests/test_xmlrpc/test_range_plugin.py, line 148, in add_entry self.connection.add_s(dn, ldif) File /usr/lib64/python2.7/site-packages/ldap/ldapobject.py, line 195, in add_s return self.result(msgid,all=1,timeout=self.timeout) File /usr/lib64/python2.7/site-packages/ldap/ldapobject.py, line 458, in result resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout) File /usr/lib64/python2.7/site-packages/ldap/ldapobject.py, line 462, in result2 resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout) File /usr/lib64/python2.7/site-packages/ldap/ldapobject.py, line 469, in result3 resp_ctrl_classes=resp_ctrl_classes File /usr/lib64/python2.7/site-packages/ldap/ldapobject.py, line 476, in result4 ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) File /usr/lib64/python2.7/site-packages/ldap/ldapobject.py, line 99, in _ldap_call result = func(*args,**kwargs) OBJECT_CLASS_VIOLATION: {'info': 'missing attribute ipaRangeType required by object class ipaIDrange\n', 'desc': 'Object class violation'} -- PetrĀ³ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
On Mon, 10 Jun 2013, Petr Viktorin wrote: On 06/10/2013 10:52 AM, Tomas Babej wrote: On 06/07/2013 05:44 PM, Alexander Bokovoy wrote: On Fri, 07 Jun 2013, Tomas Babej wrote: On 06/07/2013 03:41 PM, Alexander Bokovoy wrote: Hi, in patch 0061: On Fri, 07 Jun 2013, Tomas Babej wrote: +range_types = { +u'ipa-local': unicode(_(u'local domain range')), +u'ipa-ad-winsync': unicode(_('Active Directory winsync range')), +u'ipa-ad-trust': unicode(_('Active Directory domain range')), +u'ipa-ad-trust-posix': unicode(_('Active Directory trust range with ' +'POSIX attributes')), +u'ipa-ipa-trust': unicode(_('IPA trust range')), + } Why there is _(u'local domain range') and then others without Unicode strings? Either way is fine but there should be consistency. Sure, fixed. The rest of this patch would be much shorter if there wouldn't additional whitespace. Could you please git rid of that? Whitespaces are intentional, these are fixes for PEP8 E302 errors. If they are intentional, please send them as separate patch. Sending the whole patchset updated. Please split the whitespace fixes from the functional ones. No problem, patches split. Tomas Hello, I got a test failure, most likely caused by this patch. In test_range_plugin.py, there are some manually added ranges without the new required attribute. Good catch, thanks! I'd suggest to fix this as part of patch 0070 that Tomas sent in today because it touches the same code. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
On 06/06/2013 12:00 PM, Alexander Bokovoy wrote: On Thu, 06 Jun 2013, Tomas Babej wrote: From 0580d3c03319c72d731d0598b19e633fc536b866 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Thu, 30 May 2013 14:07:09 +0200 Subject: [PATCH 62/63] Add update plugin to fill in ipaRangeType attribute Previously, we deduced the range type from the range objectclass and filled in virtual attribute in post_callback phase. Having a ipaRangeType attributeType in schema, we need to fill the attribute values to ranges created in previous IPA versions. The plugin follows the same approach, setting ipa-local or ipa-ad-trust value to the ipaRangeType attribute according to the objectclass of the range. Part of https://fedorahosted.org/freeipa/ticket/3647 You need also to fix bootstrap template as ipaRangeType now is mandatory attribute for the range class: Updated patches attached. Tomas From 6448e7b58ffbfaa92bcb2d9412e28934afb825b8 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Thu, 30 May 2013 14:12:52 +0200 Subject: [PATCH] Extend idrange commands to support new range origin types Following values of ipaRangeType attribute are supported and translated accordingly in the idrange commands: 'ipa-local': 'local domain range' 'ipa-ad-winsync': 'Active Directory winsync range' 'ipa-ad-trust': 'Active Directory domain range' 'ipa-ad-trust-posix': 'Active Directory trust range with POSIX attributes' 'ipa-ipa-trust': 'IPA trust range' Part of https://fedorahosted.org/freeipa/ticket/3647 --- API.txt | 7 ++--- ipalib/plugins/idrange.py | 75 +-- 2 files changed, 63 insertions(+), 19 deletions(-) diff --git a/API.txt b/API.txt index 0a4b356e6f8a66d785e222f5941ff65a3cb484b7..1313460de66d8e12fc7a068cda0cf30658bcdd1b 100644 --- a/API.txt +++ b/API.txt @@ -1969,7 +1969,7 @@ option: Int('ipabaserid', attribute=True, cli_name='rid_base', multivalue=False, option: Int('ipaidrangesize', attribute=True, cli_name='range_size', multivalue=False, required=True) option: Str('ipanttrusteddomainname', attribute=False, cli_name='dom_name', multivalue=False, required=False) option: Str('ipanttrusteddomainsid', attribute=True, cli_name='dom_sid', multivalue=False, required=False) -option: Str('iparangetype', attribute=True, cli_name='iparangetype', multivalue=False, required=False) +option: StrEnum('iparangetype', attribute=True, cli_name='type', multivalue=False, required=False, values=(u'ipa-ad-trust-posix', u'ipa-ad-trust', u'ipa-local', u'ipa-ad-winsync', u'ipa-ipa-trust')) option: Int('ipasecondarybaserid', attribute=True, cli_name='secondary_rid_base', multivalue=False, required=False) option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') option: Str('setattr*', cli_name='setattr', exclude='webui') @@ -1994,7 +1994,7 @@ option: Int('ipabaseid', attribute=True, autofill=False, cli_name='base_id', mul option: Int('ipabaserid', attribute=True, autofill=False, cli_name='rid_base', multivalue=False, query=True, required=False) option: Int('ipaidrangesize', attribute=True, autofill=False, cli_name='range_size', multivalue=False, query=True, required=False) option: Str('ipanttrusteddomainsid', attribute=True, autofill=False, cli_name='dom_sid', multivalue=False, query=True, required=False) -option: Str('iparangetype', attribute=True, autofill=False, cli_name='iparangetype', multivalue=False, query=True, required=False) +option: StrEnum('iparangetype', attribute=True, autofill=False, cli_name='type', multivalue=False, query=True, required=False, values=(u'ipa-ad-trust-posix', u'ipa-ad-trust', u'ipa-local', u'ipa-ad-winsync', u'ipa-ipa-trust')) option: Int('ipasecondarybaserid', attribute=True, autofill=False, cli_name='secondary_rid_base', multivalue=False, query=True, required=False) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') @@ -2006,7 +2006,7 @@ output: ListOfEntries('result', (type 'list', type 'tuple'), Gettext('A list output: Output('summary', (type 'unicode', type 'NoneType'), None) output: Output('truncated', type 'bool', None) command: idrange_mod -args: 1,14,3 +args: 1,13,3 arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True) option: Str('addattr*', cli_name='addattr', exclude='webui') option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') @@ -2016,7 +2016,6 @@ option: Int('ipabaserid', attribute=True, autofill=False, cli_name='rid_base', m option: Int('ipaidrangesize', attribute=True, autofill=False, cli_name='range_size', multivalue=False, required=False) option: DeprecatedParam('ipanttrusteddomainname?') option: DeprecatedParam('ipanttrusteddomainsid?') -option: Str('iparangetype', attribute=True, autofill=False, cli_name='iparangetype', multivalue=False,
Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
Hi, in patch 0061: On Fri, 07 Jun 2013, Tomas Babej wrote: +range_types = { +u'ipa-local': unicode(_(u'local domain range')), +u'ipa-ad-winsync': unicode(_('Active Directory winsync range')), +u'ipa-ad-trust': unicode(_('Active Directory domain range')), +u'ipa-ad-trust-posix': unicode(_('Active Directory trust range with ' +'POSIX attributes')), +u'ipa-ipa-trust': unicode(_('IPA trust range')), + } Why there is _(u'local domain range') and then others without Unicode strings? Either way is fine but there should be consistency. The rest of this patch would be much shorter if there wouldn't additional whitespace. Could you please git rid of that? -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
On Fri, 07 Jun 2013, Tomas Babej wrote: From e3b073011518f37497f08b0b4f4e34881b671a0a Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Thu, 30 May 2013 14:07:09 +0200 Subject: [PATCH 62/63] Add update plugin to fill in ipaRangeType attribute Previously, we deduced the range type from the range objectclass and filled in virtual attribute in post_callback phase. Having a ipaRangeType attributeType in schema, we need to fill the attribute values to ranges created in previous IPA versions. The plugin follows the same approach, setting ipa-local or ipa-ad-trust value to the ipaRangeType attribute according to the objectclass of the range. Part of https://fedorahosted.org/freeipa/ticket/3647 ACK. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
On Fri, 07 Jun 2013, Tomas Babej wrote: From 85ec5eca8a4dac379902b535b17995c0bfacb428 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Thu, 30 May 2013 14:02:44 +0200 Subject: [PATCH 61/63] Add ipaRangeType attribute to LDAP Schema This adds a new LDAP attribute ipaRangeType with OID 2.16.840.1.113730.3.8.11.41 to the LDAP Schema. ObjectClass ipaIDrange has been altered to require ipaRangeType attribute. Part of https://fedorahosted.org/freeipa/ticket/3647 ACK. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
On 06/07/2013 03:41 PM, Alexander Bokovoy wrote: Hi, in patch 0061: On Fri, 07 Jun 2013, Tomas Babej wrote: +range_types = { +u'ipa-local': unicode(_(u'local domain range')), +u'ipa-ad-winsync': unicode(_('Active Directory winsync range')), +u'ipa-ad-trust': unicode(_('Active Directory domain range')), +u'ipa-ad-trust-posix': unicode(_('Active Directory trust range with ' +'POSIX attributes')), +u'ipa-ipa-trust': unicode(_('IPA trust range')), + } Why there is _(u'local domain range') and then others without Unicode strings? Either way is fine but there should be consistency. Sure, fixed. The rest of this patch would be much shorter if there wouldn't additional whitespace. Could you please git rid of that? Whitespaces are intentional, these are fixes for PEP8 E302 errors. Sending the whole patchset updated. Tomas From 5502e0817aace0b1aa7ae4bd5cd62a3463164ff5 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Thu, 30 May 2013 14:12:52 +0200 Subject: [PATCH] Extend idrange commands to support new range origin types Following values of ipaRangeType attribute are supported and translated accordingly in the idrange commands: 'ipa-local': 'local domain range' 'ipa-ad-winsync': 'Active Directory winsync range' 'ipa-ad-trust': 'Active Directory domain range' 'ipa-ad-trust-posix': 'Active Directory trust range with POSIX attributes' 'ipa-ipa-trust': 'IPA trust range' Part of https://fedorahosted.org/freeipa/ticket/3647 --- API.txt | 7 ++--- ipalib/plugins/idrange.py | 75 +-- 2 files changed, 63 insertions(+), 19 deletions(-) diff --git a/API.txt b/API.txt index 0a4b356e6f8a66d785e222f5941ff65a3cb484b7..1313460de66d8e12fc7a068cda0cf30658bcdd1b 100644 --- a/API.txt +++ b/API.txt @@ -1969,7 +1969,7 @@ option: Int('ipabaserid', attribute=True, cli_name='rid_base', multivalue=False, option: Int('ipaidrangesize', attribute=True, cli_name='range_size', multivalue=False, required=True) option: Str('ipanttrusteddomainname', attribute=False, cli_name='dom_name', multivalue=False, required=False) option: Str('ipanttrusteddomainsid', attribute=True, cli_name='dom_sid', multivalue=False, required=False) -option: Str('iparangetype', attribute=True, cli_name='iparangetype', multivalue=False, required=False) +option: StrEnum('iparangetype', attribute=True, cli_name='type', multivalue=False, required=False, values=(u'ipa-ad-trust-posix', u'ipa-ad-trust', u'ipa-local', u'ipa-ad-winsync', u'ipa-ipa-trust')) option: Int('ipasecondarybaserid', attribute=True, cli_name='secondary_rid_base', multivalue=False, required=False) option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') option: Str('setattr*', cli_name='setattr', exclude='webui') @@ -1994,7 +1994,7 @@ option: Int('ipabaseid', attribute=True, autofill=False, cli_name='base_id', mul option: Int('ipabaserid', attribute=True, autofill=False, cli_name='rid_base', multivalue=False, query=True, required=False) option: Int('ipaidrangesize', attribute=True, autofill=False, cli_name='range_size', multivalue=False, query=True, required=False) option: Str('ipanttrusteddomainsid', attribute=True, autofill=False, cli_name='dom_sid', multivalue=False, query=True, required=False) -option: Str('iparangetype', attribute=True, autofill=False, cli_name='iparangetype', multivalue=False, query=True, required=False) +option: StrEnum('iparangetype', attribute=True, autofill=False, cli_name='type', multivalue=False, query=True, required=False, values=(u'ipa-ad-trust-posix', u'ipa-ad-trust', u'ipa-local', u'ipa-ad-winsync', u'ipa-ipa-trust')) option: Int('ipasecondarybaserid', attribute=True, autofill=False, cli_name='secondary_rid_base', multivalue=False, query=True, required=False) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') @@ -2006,7 +2006,7 @@ output: ListOfEntries('result', (type 'list', type 'tuple'), Gettext('A list output: Output('summary', (type 'unicode', type 'NoneType'), None) output: Output('truncated', type 'bool', None) command: idrange_mod -args: 1,14,3 +args: 1,13,3 arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True) option: Str('addattr*', cli_name='addattr', exclude='webui') option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') @@ -2016,7 +2016,6 @@ option: Int('ipabaserid', attribute=True, autofill=False, cli_name='rid_base', m option: Int('ipaidrangesize', attribute=True, autofill=False, cli_name='range_size', multivalue=False, required=False) option: DeprecatedParam('ipanttrusteddomainname?') option: DeprecatedParam('ipanttrusteddomainsid?') -option: Str('iparangetype', attribute=True, autofill=False,
Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
On Fri, 07 Jun 2013, Tomas Babej wrote: On 06/07/2013 03:41 PM, Alexander Bokovoy wrote: Hi, in patch 0061: On Fri, 07 Jun 2013, Tomas Babej wrote: +range_types = { +u'ipa-local': unicode(_(u'local domain range')), +u'ipa-ad-winsync': unicode(_('Active Directory winsync range')), +u'ipa-ad-trust': unicode(_('Active Directory domain range')), +u'ipa-ad-trust-posix': unicode(_('Active Directory trust range with ' +'POSIX attributes')), +u'ipa-ipa-trust': unicode(_('IPA trust range')), + } Why there is _(u'local domain range') and then others without Unicode strings? Either way is fine but there should be consistency. Sure, fixed. The rest of this patch would be much shorter if there wouldn't additional whitespace. Could you please git rid of that? Whitespaces are intentional, these are fixes for PEP8 E302 errors. If they are intentional, please send them as separate patch. Sending the whole patchset updated. Please split the whitespace fixes from the functional ones. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
On 06/05/2013 02:53 PM, Tomas Babej wrote: On 06/03/2013 05:00 PM, Tomas Babej wrote: Hi, Sending rebased versions on top of current master. Tomas Hi, A rebase was needed again. I also fixed a bug in the update plugin, since it used case-sensitive comparison of objectclasses. Updated patcheset attached. Tomas ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Patcheset updated with the changes required for the patch 67. Tomas From de961306fc4582c0e63d28f42ad60df6e956443b Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Thu, 30 May 2013 14:12:52 +0200 Subject: [PATCH] Extend idrange commands to support new range origin types Following values of ipaRangeType attribute are supported and translated accordingly in the idrange commands: 'ipa-local': 'local domain range' 'ipa-ad-winsync': 'Active Directory winsync range' 'ipa-ad-trust': 'Active Directory domain range' 'ipa-ad-trust-posix': 'Active Directory trust range with POSIX attributes' 'ipa-ipa-trust': 'IPA trust range' Part of https://fedorahosted.org/freeipa/ticket/3647 --- API.txt | 7 ++--- ipalib/plugins/idrange.py | 74 ++- 2 files changed, 63 insertions(+), 18 deletions(-) diff --git a/API.txt b/API.txt index 0a4b356e6f8a66d785e222f5941ff65a3cb484b7..1313460de66d8e12fc7a068cda0cf30658bcdd1b 100644 --- a/API.txt +++ b/API.txt @@ -1969,7 +1969,7 @@ option: Int('ipabaserid', attribute=True, cli_name='rid_base', multivalue=False, option: Int('ipaidrangesize', attribute=True, cli_name='range_size', multivalue=False, required=True) option: Str('ipanttrusteddomainname', attribute=False, cli_name='dom_name', multivalue=False, required=False) option: Str('ipanttrusteddomainsid', attribute=True, cli_name='dom_sid', multivalue=False, required=False) -option: Str('iparangetype', attribute=True, cli_name='iparangetype', multivalue=False, required=False) +option: StrEnum('iparangetype', attribute=True, cli_name='type', multivalue=False, required=False, values=(u'ipa-ad-trust-posix', u'ipa-ad-trust', u'ipa-local', u'ipa-ad-winsync', u'ipa-ipa-trust')) option: Int('ipasecondarybaserid', attribute=True, cli_name='secondary_rid_base', multivalue=False, required=False) option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') option: Str('setattr*', cli_name='setattr', exclude='webui') @@ -1994,7 +1994,7 @@ option: Int('ipabaseid', attribute=True, autofill=False, cli_name='base_id', mul option: Int('ipabaserid', attribute=True, autofill=False, cli_name='rid_base', multivalue=False, query=True, required=False) option: Int('ipaidrangesize', attribute=True, autofill=False, cli_name='range_size', multivalue=False, query=True, required=False) option: Str('ipanttrusteddomainsid', attribute=True, autofill=False, cli_name='dom_sid', multivalue=False, query=True, required=False) -option: Str('iparangetype', attribute=True, autofill=False, cli_name='iparangetype', multivalue=False, query=True, required=False) +option: StrEnum('iparangetype', attribute=True, autofill=False, cli_name='type', multivalue=False, query=True, required=False, values=(u'ipa-ad-trust-posix', u'ipa-ad-trust', u'ipa-local', u'ipa-ad-winsync', u'ipa-ipa-trust')) option: Int('ipasecondarybaserid', attribute=True, autofill=False, cli_name='secondary_rid_base', multivalue=False, query=True, required=False) option: Flag('pkey_only?', autofill=True, default=False) option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') @@ -2006,7 +2006,7 @@ output: ListOfEntries('result', (type 'list', type 'tuple'), Gettext('A list output: Output('summary', (type 'unicode', type 'NoneType'), None) output: Output('truncated', type 'bool', None) command: idrange_mod -args: 1,14,3 +args: 1,13,3 arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True) option: Str('addattr*', cli_name='addattr', exclude='webui') option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') @@ -2016,7 +2016,6 @@ option: Int('ipabaserid', attribute=True, autofill=False, cli_name='rid_base', m option: Int('ipaidrangesize', attribute=True, autofill=False, cli_name='range_size', multivalue=False, required=False) option: DeprecatedParam('ipanttrusteddomainname?') option: DeprecatedParam('ipanttrusteddomainsid?') -option: Str('iparangetype', attribute=True, autofill=False, cli_name='iparangetype', multivalue=False, required=False) option: Int('ipasecondarybaserid', attribute=True, autofill=False, cli_name='secondary_rid_base', multivalue=False, required=False) option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') option: Flag('rights', autofill=True, default=False) diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py index
Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
On Thu, 06 Jun 2013, Tomas Babej wrote: From 0580d3c03319c72d731d0598b19e633fc536b866 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Thu, 30 May 2013 14:07:09 +0200 Subject: [PATCH 62/63] Add update plugin to fill in ipaRangeType attribute Previously, we deduced the range type from the range objectclass and filled in virtual attribute in post_callback phase. Having a ipaRangeType attributeType in schema, we need to fill the attribute values to ranges created in previous IPA versions. The plugin follows the same approach, setting ipa-local or ipa-ad-trust value to the ipaRangeType attribute according to the objectclass of the range. Part of https://fedorahosted.org/freeipa/ticket/3647 You need also to fix bootstrap template as ipaRangeType now is mandatory attribute for the range class: - add objectClass: top ipaIDrange ipaDomainIDRange add cn: VDA.LI_id_range add ipaBaseID: 139340 add ipaIDRangeSize: 20 adding new entry cn=VDA.LI_id_range,cn=ranges,cn=etc,dc=vda,dc=li 2013-06-06T09:56:07Z DEBUG stderr=ldap_initialize( ldap://red.espoo.vda.li:389/??base ) ldap_add: Object class violation (65) additional info: missing attribute ipaRangeType required by object class ipaIDrange 2013-06-06T09:56:07Z CRITICAL Failed to load bootstrap-template.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpkOLzK2 -H ldap://red.espoo.vda.li:389 -x -D cn=Directory Manager -y /tmp/tmpHb7d4F' returned non-zero exit status 65 2013-06-06T09:56:07Z DEBUG duration: 3 seconds -- -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
On 06/03/2013 05:00 PM, Tomas Babej wrote: Hi, Sending rebased versions on top of current master. Tomas Hi, A rebase was needed again. I also fixed a bug in the update plugin, since it used case-sensitive comparison of objectclasses. Updated patcheset attached. Tomas From 0580d3c03319c72d731d0598b19e633fc536b866 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Thu, 30 May 2013 14:07:09 +0200 Subject: [PATCH 62/63] Add update plugin to fill in ipaRangeType attribute Previously, we deduced the range type from the range objectclass and filled in virtual attribute in post_callback phase. Having a ipaRangeType attributeType in schema, we need to fill the attribute values to ranges created in previous IPA versions. The plugin follows the same approach, setting ipa-local or ipa-ad-trust value to the ipaRangeType attribute according to the objectclass of the range. Part of https://fedorahosted.org/freeipa/ticket/3647 --- ipaserver/install/plugins/adtrust.py | 1 + ipaserver/install/plugins/update_idranges.py | 116 +++ 2 files changed, 117 insertions(+) create mode 100644 ipaserver/install/plugins/update_idranges.py diff --git a/ipaserver/install/plugins/adtrust.py b/ipaserver/install/plugins/adtrust.py index 555a28b8f5333cae08e5f53d23b01f1093046eff..28358588b5693a8bb451f52a52bb8ef73747353b 100644 --- a/ipaserver/install/plugins/adtrust.py +++ b/ipaserver/install/plugins/adtrust.py @@ -62,6 +62,7 @@ class update_default_range(PostUpdate): 'cn:%s' % id_range_name, 'ipabaseid:%s' % id_range_base_id, 'ipaidrangesize:%s' % id_range_size, + 'iparangetype:ipa-local', ] updates = {} diff --git a/ipaserver/install/plugins/update_idranges.py b/ipaserver/install/plugins/update_idranges.py new file mode 100644 index ..c3df98af9f0f2c5ceae3360858f8c6de069646ce --- /dev/null +++ b/ipaserver/install/plugins/update_idranges.py @@ -0,0 +1,116 @@ +# Authors: +# Tomas Babej tba...@redhat.com +# +# Copyright (C) 2013 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. + +from ipaserver.install.plugins import MIDDLE +from ipaserver.install.plugins.baseupdate import PostUpdate +from ipalib import api, errors +from ipapython.dn import DN +from ipapython.ipa_log_manager import * + + +class update_idrange_type(PostUpdate): + +Update all ID ranges that do not have ipaRangeType attribute filled. +This applies to all ID ranges prior to IPA 3.3. + + +order = MIDDLE + +def execute(self, **options): +ldap = self.obj.backend + +base_dn = DN(api.env.container_ranges, api.env.basedn) +search_filter = (((objectClass=ipaIDrange)(!(ipaRangeType=* +root_logger.debug(update_idrange_type: search for ID ranges with no + type set) + +while True: +# Run the search in loop to avoid issues when LDAP limits are hit +# during update + +try: +(entries, truncated) = ldap.find_entries(search_filter, +['objectclass'], base_dn, time_limit=0, size_limit=0) + +except errors.NotFound: +root_logger.debug(update_idrange_type: no ID range without + type set found) +return (False, False, []) + +except errors.ExecutionError, e: +root_logger.error(update_idrange_type: cannot retrieve list + of ranges with no type set: %s, e) +return (False, False, []) + +if not entries: +# No entry was returned, rather break than continue cycling +root_logger.debug(update_idrange_type: no ID range was + returned) +return (False, False, []) + +root_logger.debug(update_idrange_type: found %d + idranges to update, truncated: %s, + len(entries), truncated) + +error = False + +# Set the range type +for dn, entry in entries: +update = {} + +objectclasses = [o.lower()
[Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
Hi, Sending rebased versions on top of current master. Tomas From 589be38f4e34fc759fc9aff580f2d17e0eae52bb Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Thu, 30 May 2013 14:02:44 +0200 Subject: [PATCH 61/63] Add ipaRangeType attribute to LDAP Schema This adds a new LDAP attribute ipaRangeType with OID 2.16.840.1.113730.3.8.11.41 to the LDAP Schema. ObjectClass ipaIDrange has been altered to require ipaRangeType attribute. Part of https://fedorahosted.org/freeipa/ticket/3647 --- install/share/60basev3.ldif | 3 ++- install/updates/62-ranges.update | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/install/share/60basev3.ldif b/install/share/60basev3.ldif index 435948faefb66870aba20248ef88fae90505609c..b84789e25d75033f18fa5b70f69d852ddf35b7ca 100644 --- a/install/share/60basev3.ldif +++ b/install/share/60basev3.ldif @@ -37,6 +37,7 @@ attributeTypes: (2.16.840.1.113730.3.8.11.36 NAME 'ipaSecondaryBaseRID' DESC 'Fi attributeTypes: (2.16.840.1.113730.3.8.11.38 NAME 'ipaNTSIDBlacklistIncoming' DESC 'Extra SIDs filtered out from incoming MS-PAC' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'IPA v3') attributeTypes: (2.16.840.1.113730.3.8.11.39 NAME 'ipaNTSIDBlacklistOutgoing' DESC 'Extra SIDs filtered out from outgoing MS-PAC' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'IPA v3') attributeTypes: (2.16.840.1.113730.3.8.11.40 NAME 'ipaUserAuthType' DESC 'Allowed authentication methods' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v3') +attributeTypes: (2.16.840.1.113730.3.8.11.41 NAME 'ipaRangeType' DESC 'Range type' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'IPA v3' ) objectClasses: (2.16.840.1.113730.3.8.12.1 NAME 'ipaExternalGroup' SUP top STRUCTURAL MUST ( cn ) MAY ( ipaExternalMember $ memberOf $ description $ owner) X-ORIGIN 'IPA v3' ) objectClasses: (2.16.840.1.113730.3.8.12.2 NAME 'ipaNTUserAttrs' SUP top AUXILIARY MUST ( ipaNTSecurityIdentifier ) MAY ( ipaNTHash $ ipaNTLogonScript $ ipaNTProfilePath $ ipaNTHomeDirectory $ ipaNTHomeDirectoryDrive ) X-ORIGIN 'IPA v3' ) objectClasses: (2.16.840.1.113730.3.8.12.3 NAME 'ipaNTGroupAttrs' SUP top AUXILIARY MUST ( ipaNTSecurityIdentifier ) X-ORIGIN 'IPA v3' ) @@ -49,7 +50,7 @@ objectClasses: (2.16.840.1.113730.3.8.12.11 NAME 'ipaSshGroupOfPubKeys' ABSTRACT objectClasses: (2.16.840.1.113730.3.8.12.12 NAME 'ipaSshUser' SUP ipaSshGroupOfPubKeys AUXILIARY X-ORIGIN 'IPA v3' ) objectClasses: (2.16.840.1.113730.3.8.12.13 NAME 'ipaSshHost' SUP ipaSshGroupOfPubKeys AUXILIARY X-ORIGIN 'IPA v3' ) objectClasses: (2.16.840.1.113730.3.8.12.14 NAME 'ipaIDobject' SUP top AUXILIARY MAY ( uidNumber $ gidNumber $ ipaNTSecurityIdentifier ) X-ORIGIN 'IPA v3' ) -objectClasses: (2.16.840.1.113730.3.8.12.15 NAME 'ipaIDrange' ABSTRACT MUST ( cn $ ipaBaseID $ ipaIDRangeSize ) X-ORIGIN 'IPA v3' ) +objectClasses: (2.16.840.1.113730.3.8.12.15 NAME 'ipaIDrange' ABSTRACT MUST ( cn $ ipaBaseID $ ipaIDRangeSize $ ipaRangeType ) X-ORIGIN 'IPA v3' ) objectClasses: (2.16.840.1.113730.3.8.12.16 NAME 'ipaDomainIDRange' SUP ipaIDrange STRUCTURAL MAY ( ipaBaseRID $ ipaSecondaryBaseRID ) X-ORIGIN 'IPA v3' ) objectClasses: (2.16.840.1.113730.3.8.12.17 NAME 'ipaTrustedADDomainRange' SUP ipaIDrange STRUCTURAL MUST ( ipaBaseRID $ ipaNTTrustedDomainSID ) X-ORIGIN 'IPA v3' ) objectclasses: (2.16.840.1.113730.3.8.12.19 NAME 'ipaUserAuthTypeClass' SUP top AUXILIARY DESC 'Class for authentication methods definition' MAY ipaUserAuthType X-ORIGIN 'IPA v3') diff --git a/install/updates/62-ranges.update b/install/updates/62-ranges.update index 79d5326d6000d038923b2a92dcdec98370fa90f4..c2eb6dca7077aebf56b06b39710b3c46db799aed 100644 --- a/install/updates/62-ranges.update +++ b/install/updates/62-ranges.update @@ -3,10 +3,12 @@ add:attributeTypes: (2.16.840.1.113730.3.8.11.33 NAME 'ipaBaseID' DESC 'First va add:attributeTypes: (2.16.840.1.113730.3.8.11.34 NAME 'ipaIDRangeSize' DESC 'Size of a Posix ID range' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA v3' ) add:attributeTypes: (2.16.840.1.113730.3.8.11.35 NAME 'ipaBaseRID' DESC 'First value of a RID range' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA v3' ) add:attributeTypes: (2.16.840.1.113730.3.8.11.36 NAME 'ipaSecondaryBaseRID' DESC 'First value of a secondary RID range' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA v3' ) +add:attributeTypes: (2.16.840.1.113730.3.8.11.41 NAME 'ipaRangeType' DESC 'Range type' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'IPA v3' ) add:objectClasses: (2.16.840.1.113730.3.8.12.14 NAME 'ipaIDobject'