Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
On 06/07/2013 05:44 PM, Alexander Bokovoy wrote:
On Fri, 07 Jun 2013, Tomas Babej wrote:
On 06/07/2013 03:41 PM, Alexander Bokovoy wrote:
Hi,
in patch 0061:
On Fri, 07 Jun 2013, Tomas Babej wrote:
+range_types = {
+u'ipa-local': unicode(_(u'local domain range')),
+u'ipa-ad-winsync': unicode(_('Active Directory winsync
range')),
+u'ipa-ad-trust': unicode(_('Active Directory domain range')),
+u'ipa-ad-trust-posix': unicode(_('Active Directory trust
range with '
+'POSIX attributes')),
+u'ipa-ipa-trust': unicode(_('IPA trust range')),
+ }
Why there is _(u'local domain range') and then others without Unicode
strings? Either way is fine but there should be consistency.
Sure, fixed.
The rest of this patch would be much shorter if there wouldn't
additional whitespace. Could you please git rid of that?
Whitespaces are intentional, these are fixes for PEP8 E302 errors.
If they are intentional, please send them as separate patch.
Sending the whole patchset updated.
Please split the whitespace fixes from the functional ones.
No problem, patches split.
Tomas
From e930e4a6e1beba76bb3ac82b4efb69675713c3cf Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Mon, 10 Jun 2013 10:45:04 +0200
Subject: [PATCH 64/64] PEP8 fixes in idrange.py
---
ipalib/plugins/idrange.py | 25 +
1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py
index 257730986afe66741cd324649fc1953fa7310330..abca492978d04c71b78a89df8e5c2d1d51c06398 100644
--- a/ipalib/plugins/idrange.py
+++ b/ipalib/plugins/idrange.py
@@ -150,6 +150,7 @@ IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to be
modified to match the new range.
)
+
class idrange(LDAPObject):
Range object.
@@ -230,7 +231,8 @@ class idrange(LDAPObject):
if not options.get('all', False) or options.get('pkey_only', False):
entry_attrs.pop('objectclass', None)
-def check_ids_in_modified_range(self, old_base, old_size, new_base, new_size):
+def check_ids_in_modified_range(self, old_base, old_size, new_base,
+new_size):
if new_base is None and new_size is None:
# nothing to check
return
@@ -243,12 +245,12 @@ class idrange(LDAPObject):
checked_intervals = []
low_diff = new_interval[0] - old_interval[0]
if low_diff 0:
-checked_intervals.append(
-(old_interval[0], min(old_interval[1], new_interval[0] - 1)))
+checked_intervals.append((old_interval[0],
+min(old_interval[1], new_interval[0] - 1)))
high_diff = old_interval[1] - new_interval[1]
if high_diff 0:
-checked_intervals.append(
-(max(old_interval[0], new_interval[1] + 1), old_interval[1]))
+checked_intervals.append((max(old_interval[0], new_interval[1] + 1),
+ old_interval[1]))
if not checked_intervals:
# range is equal or covers the entire old range, nothing to check
@@ -458,7 +460,8 @@ class idrange_add(LDAPCreate):
'be used together'))
# Validate SID as the one of trusted domains
-self.obj.validate_trusted_domain_sid(entry_attrs['ipanttrusteddomainsid'])
+self.obj.validate_trusted_domain_sid(
+entry_attrs['ipanttrusteddomainsid'])
# ipaNTTrustedDomainSID attribute not set, this is local domain range
else:
@@ -500,6 +503,7 @@ class idrange_add(LDAPCreate):
keep_objectclass=True)
return dn
+
class idrange_del(LDAPDelete):
__doc__ = _('Delete an ID range.')
@@ -534,6 +538,7 @@ class idrange_del(LDAPDelete):
return dn
+
class idrange_find(LDAPSearch):
__doc__ = _('Search for ranges.')
@@ -543,7 +548,8 @@ class idrange_find(LDAPSearch):
# Since all range types are stored within separate containers under
# 'cn=ranges,cn=etc' search can be done on a one-level scope
-def pre_callback(self, ldap, filters, attrs_list, base_dn, scope, *args, **options):
+def pre_callback(self, ldap, filters, attrs_list, base_dn, scope, *args,
+ **options):
assert isinstance(base_dn, DN)
attrs_list.append('objectclass')
return (filters, base_dn, ldap.SCOPE_ONELEVEL)
@@ -553,6 +559,7 @@ class idrange_find(LDAPSearch):
self.obj.handle_iparangetype(entry, options)
return truncated
+
class idrange_show(LDAPRetrieve):
__doc__ = _('Display information about a range.')
@@ -566,6 +573,7 @@ class idrange_show(LDAPRetrieve):
self.obj.handle_iparangetype(entry_attrs, options)
Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
On Mon, 10 Jun 2013, Tomas Babej wrote:
On 06/07/2013 05:44 PM, Alexander Bokovoy wrote:
On Fri, 07 Jun 2013, Tomas Babej wrote:
On 06/07/2013 03:41 PM, Alexander Bokovoy wrote:
Hi,
in patch 0061:
On Fri, 07 Jun 2013, Tomas Babej wrote:
+range_types = {
+u'ipa-local': unicode(_(u'local domain range')),
+u'ipa-ad-winsync': unicode(_('Active Directory
winsync range')),
+u'ipa-ad-trust': unicode(_('Active Directory domain range')),
+u'ipa-ad-trust-posix': unicode(_('Active Directory
trust range with '
+'POSIX attributes')),
+u'ipa-ipa-trust': unicode(_('IPA trust range')),
+ }
Why there is _(u'local domain range') and then others without Unicode
strings? Either way is fine but there should be consistency.
Sure, fixed.
The rest of this patch would be much shorter if there wouldn't
additional whitespace. Could you please git rid of that?
Whitespaces are intentional, these are fixes for PEP8 E302 errors.
If they are intentional, please send them as separate patch.
Sending the whole patchset updated.
Please split the whitespace fixes from the functional ones.
No problem, patches split.
Thanks.
ACK, pushed to master.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
On 06/10/2013 10:52 AM, Tomas Babej wrote:
On 06/07/2013 05:44 PM, Alexander Bokovoy wrote:
On Fri, 07 Jun 2013, Tomas Babej wrote:
On 06/07/2013 03:41 PM, Alexander Bokovoy wrote:
Hi,
in patch 0061:
On Fri, 07 Jun 2013, Tomas Babej wrote:
+range_types = {
+u'ipa-local': unicode(_(u'local domain range')),
+u'ipa-ad-winsync': unicode(_('Active Directory winsync
range')),
+u'ipa-ad-trust': unicode(_('Active Directory domain range')),
+u'ipa-ad-trust-posix': unicode(_('Active Directory trust
range with '
+'POSIX attributes')),
+u'ipa-ipa-trust': unicode(_('IPA trust range')),
+ }
Why there is _(u'local domain range') and then others without Unicode
strings? Either way is fine but there should be consistency.
Sure, fixed.
The rest of this patch would be much shorter if there wouldn't
additional whitespace. Could you please git rid of that?
Whitespaces are intentional, these are fixes for PEP8 E302 errors.
If they are intentional, please send them as separate patch.
Sending the whole patchset updated.
Please split the whitespace fixes from the functional ones.
No problem, patches split.
Tomas
Hello,
I got a test failure, most likely caused by this patch. In
test_range_plugin.py, there are some manually added ranges without the
new required attribute.
Traceback (most recent call last):
File /usr/lib/python2.7/site-packages/nose/suite.py, line 208, in run
self.setUp()
File /usr/lib/python2.7/site-packages/nose/suite.py, line 291, in setUp
self.setupContext(ancestor)
File /usr/lib/python2.7/site-packages/nose/suite.py, line 314, in
setupContext
try_run(context, names)
File /usr/lib/python2.7/site-packages/nose/util.py, line 469, in
try_run
return func()
File
/var/lib/jenkins/workspace/install-and-make-test/tests/test_xmlrpc/test_range_plugin.py,
line 159, in setUpClass
self.add_entry(testrange9_dn, testrange9_add)
File
/var/lib/jenkins/workspace/install-and-make-test/tests/test_xmlrpc/test_range_plugin.py,
line 148, in add_entry
self.connection.add_s(dn, ldif)
File /usr/lib64/python2.7/site-packages/ldap/ldapobject.py, line
195, in add_s
return self.result(msgid,all=1,timeout=self.timeout)
File /usr/lib64/python2.7/site-packages/ldap/ldapobject.py, line
458, in result
resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
File /usr/lib64/python2.7/site-packages/ldap/ldapobject.py, line
462, in result2
resp_type, resp_data, resp_msgid, resp_ctrls =
self.result3(msgid,all,timeout)
File /usr/lib64/python2.7/site-packages/ldap/ldapobject.py, line
469, in result3
resp_ctrl_classes=resp_ctrl_classes
File /usr/lib64/python2.7/site-packages/ldap/ldapobject.py, line
476, in result4
ldap_result =
self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File /usr/lib64/python2.7/site-packages/ldap/ldapobject.py, line
99, in _ldap_call
result = func(*args,**kwargs)
OBJECT_CLASS_VIOLATION: {'info': 'missing attribute ipaRangeType
required by object class ipaIDrange\n', 'desc': 'Object class violation'}
--
PetrĀ³
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
On Mon, 10 Jun 2013, Petr Viktorin wrote:
On 06/10/2013 10:52 AM, Tomas Babej wrote:
On 06/07/2013 05:44 PM, Alexander Bokovoy wrote:
On Fri, 07 Jun 2013, Tomas Babej wrote:
On 06/07/2013 03:41 PM, Alexander Bokovoy wrote:
Hi,
in patch 0061:
On Fri, 07 Jun 2013, Tomas Babej wrote:
+range_types = {
+u'ipa-local': unicode(_(u'local domain range')),
+u'ipa-ad-winsync': unicode(_('Active Directory winsync
range')),
+u'ipa-ad-trust': unicode(_('Active Directory domain range')),
+u'ipa-ad-trust-posix': unicode(_('Active Directory trust
range with '
+'POSIX attributes')),
+u'ipa-ipa-trust': unicode(_('IPA trust range')),
+ }
Why there is _(u'local domain range') and then others without Unicode
strings? Either way is fine but there should be consistency.
Sure, fixed.
The rest of this patch would be much shorter if there wouldn't
additional whitespace. Could you please git rid of that?
Whitespaces are intentional, these are fixes for PEP8 E302 errors.
If they are intentional, please send them as separate patch.
Sending the whole patchset updated.
Please split the whitespace fixes from the functional ones.
No problem, patches split.
Tomas
Hello,
I got a test failure, most likely caused by this patch. In
test_range_plugin.py, there are some manually added ranges without
the new required attribute.
Good catch, thanks!
I'd suggest to fix this as part of patch 0070 that Tomas sent in today
because it touches the same code.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
On 06/06/2013 12:00 PM, Alexander Bokovoy wrote:
On Thu, 06 Jun 2013, Tomas Babej wrote:
From 0580d3c03319c72d731d0598b19e633fc536b866 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Thu, 30 May 2013 14:07:09 +0200
Subject: [PATCH 62/63] Add update plugin to fill in ipaRangeType
attribute
Previously, we deduced the range type from the range objectclass
and filled in virtual attribute in post_callback phase.
Having a ipaRangeType attributeType in schema, we need to fill
the attribute values to ranges created in previous IPA versions.
The plugin follows the same approach, setting ipa-local or
ipa-ad-trust value to the ipaRangeType attribute according
to the objectclass of the range.
Part of https://fedorahosted.org/freeipa/ticket/3647
You need also to fix bootstrap template as ipaRangeType now is mandatory
attribute for the range class:
Updated patches attached.
Tomas
From 6448e7b58ffbfaa92bcb2d9412e28934afb825b8 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Thu, 30 May 2013 14:12:52 +0200
Subject: [PATCH] Extend idrange commands to support new range origin types
Following values of ipaRangeType attribute are supported
and translated accordingly in the idrange commands:
'ipa-local': 'local domain range'
'ipa-ad-winsync': 'Active Directory winsync range'
'ipa-ad-trust': 'Active Directory domain range'
'ipa-ad-trust-posix': 'Active Directory trust range with
POSIX attributes'
'ipa-ipa-trust': 'IPA trust range'
Part of https://fedorahosted.org/freeipa/ticket/3647
---
API.txt | 7 ++---
ipalib/plugins/idrange.py | 75 +--
2 files changed, 63 insertions(+), 19 deletions(-)
diff --git a/API.txt b/API.txt
index 0a4b356e6f8a66d785e222f5941ff65a3cb484b7..1313460de66d8e12fc7a068cda0cf30658bcdd1b 100644
--- a/API.txt
+++ b/API.txt
@@ -1969,7 +1969,7 @@ option: Int('ipabaserid', attribute=True, cli_name='rid_base', multivalue=False,
option: Int('ipaidrangesize', attribute=True, cli_name='range_size', multivalue=False, required=True)
option: Str('ipanttrusteddomainname', attribute=False, cli_name='dom_name', multivalue=False, required=False)
option: Str('ipanttrusteddomainsid', attribute=True, cli_name='dom_sid', multivalue=False, required=False)
-option: Str('iparangetype', attribute=True, cli_name='iparangetype', multivalue=False, required=False)
+option: StrEnum('iparangetype', attribute=True, cli_name='type', multivalue=False, required=False, values=(u'ipa-ad-trust-posix', u'ipa-ad-trust', u'ipa-local', u'ipa-ad-winsync', u'ipa-ipa-trust'))
option: Int('ipasecondarybaserid', attribute=True, cli_name='secondary_rid_base', multivalue=False, required=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
option: Str('setattr*', cli_name='setattr', exclude='webui')
@@ -1994,7 +1994,7 @@ option: Int('ipabaseid', attribute=True, autofill=False, cli_name='base_id', mul
option: Int('ipabaserid', attribute=True, autofill=False, cli_name='rid_base', multivalue=False, query=True, required=False)
option: Int('ipaidrangesize', attribute=True, autofill=False, cli_name='range_size', multivalue=False, query=True, required=False)
option: Str('ipanttrusteddomainsid', attribute=True, autofill=False, cli_name='dom_sid', multivalue=False, query=True, required=False)
-option: Str('iparangetype', attribute=True, autofill=False, cli_name='iparangetype', multivalue=False, query=True, required=False)
+option: StrEnum('iparangetype', attribute=True, autofill=False, cli_name='type', multivalue=False, query=True, required=False, values=(u'ipa-ad-trust-posix', u'ipa-ad-trust', u'ipa-local', u'ipa-ad-winsync', u'ipa-ipa-trust'))
option: Int('ipasecondarybaserid', attribute=True, autofill=False, cli_name='secondary_rid_base', multivalue=False, query=True, required=False)
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
@@ -2006,7 +2006,7 @@ output: ListOfEntries('result', (type 'list', type 'tuple'), Gettext('A list
output: Output('summary', (type 'unicode', type 'NoneType'), None)
output: Output('truncated', type 'bool', None)
command: idrange_mod
-args: 1,14,3
+args: 1,13,3
arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
option: Str('addattr*', cli_name='addattr', exclude='webui')
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
@@ -2016,7 +2016,6 @@ option: Int('ipabaserid', attribute=True, autofill=False, cli_name='rid_base', m
option: Int('ipaidrangesize', attribute=True, autofill=False, cli_name='range_size', multivalue=False, required=False)
option: DeprecatedParam('ipanttrusteddomainname?')
option: DeprecatedParam('ipanttrusteddomainsid?')
-option: Str('iparangetype', attribute=True, autofill=False, cli_name='iparangetype', multivalue=False,
Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
Hi,
in patch 0061:
On Fri, 07 Jun 2013, Tomas Babej wrote:
+range_types = {
+u'ipa-local': unicode(_(u'local domain range')),
+u'ipa-ad-winsync': unicode(_('Active Directory winsync range')),
+u'ipa-ad-trust': unicode(_('Active Directory domain range')),
+u'ipa-ad-trust-posix': unicode(_('Active Directory trust range with '
+'POSIX attributes')),
+u'ipa-ipa-trust': unicode(_('IPA trust range')),
+ }
Why there is _(u'local domain range') and then others without Unicode
strings? Either way is fine but there should be consistency.
The rest of this patch would be much shorter if there wouldn't
additional whitespace. Could you please git rid of that?
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
On Fri, 07 Jun 2013, Tomas Babej wrote: From e3b073011518f37497f08b0b4f4e34881b671a0a Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Thu, 30 May 2013 14:07:09 +0200 Subject: [PATCH 62/63] Add update plugin to fill in ipaRangeType attribute Previously, we deduced the range type from the range objectclass and filled in virtual attribute in post_callback phase. Having a ipaRangeType attributeType in schema, we need to fill the attribute values to ranges created in previous IPA versions. The plugin follows the same approach, setting ipa-local or ipa-ad-trust value to the ipaRangeType attribute according to the objectclass of the range. Part of https://fedorahosted.org/freeipa/ticket/3647 ACK. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
On Fri, 07 Jun 2013, Tomas Babej wrote: From 85ec5eca8a4dac379902b535b17995c0bfacb428 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Thu, 30 May 2013 14:02:44 +0200 Subject: [PATCH 61/63] Add ipaRangeType attribute to LDAP Schema This adds a new LDAP attribute ipaRangeType with OID 2.16.840.1.113730.3.8.11.41 to the LDAP Schema. ObjectClass ipaIDrange has been altered to require ipaRangeType attribute. Part of https://fedorahosted.org/freeipa/ticket/3647 ACK. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
On 06/07/2013 03:41 PM, Alexander Bokovoy wrote:
Hi,
in patch 0061:
On Fri, 07 Jun 2013, Tomas Babej wrote:
+range_types = {
+u'ipa-local': unicode(_(u'local domain range')),
+u'ipa-ad-winsync': unicode(_('Active Directory winsync
range')),
+u'ipa-ad-trust': unicode(_('Active Directory domain range')),
+u'ipa-ad-trust-posix': unicode(_('Active Directory trust
range with '
+'POSIX attributes')),
+u'ipa-ipa-trust': unicode(_('IPA trust range')),
+ }
Why there is _(u'local domain range') and then others without Unicode
strings? Either way is fine but there should be consistency.
Sure, fixed.
The rest of this patch would be much shorter if there wouldn't
additional whitespace. Could you please git rid of that?
Whitespaces are intentional, these are fixes for PEP8 E302 errors.
Sending the whole patchset updated.
Tomas
From 5502e0817aace0b1aa7ae4bd5cd62a3463164ff5 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Thu, 30 May 2013 14:12:52 +0200
Subject: [PATCH] Extend idrange commands to support new range origin types
Following values of ipaRangeType attribute are supported
and translated accordingly in the idrange commands:
'ipa-local': 'local domain range'
'ipa-ad-winsync': 'Active Directory winsync range'
'ipa-ad-trust': 'Active Directory domain range'
'ipa-ad-trust-posix': 'Active Directory trust range with
POSIX attributes'
'ipa-ipa-trust': 'IPA trust range'
Part of https://fedorahosted.org/freeipa/ticket/3647
---
API.txt | 7 ++---
ipalib/plugins/idrange.py | 75 +--
2 files changed, 63 insertions(+), 19 deletions(-)
diff --git a/API.txt b/API.txt
index 0a4b356e6f8a66d785e222f5941ff65a3cb484b7..1313460de66d8e12fc7a068cda0cf30658bcdd1b 100644
--- a/API.txt
+++ b/API.txt
@@ -1969,7 +1969,7 @@ option: Int('ipabaserid', attribute=True, cli_name='rid_base', multivalue=False,
option: Int('ipaidrangesize', attribute=True, cli_name='range_size', multivalue=False, required=True)
option: Str('ipanttrusteddomainname', attribute=False, cli_name='dom_name', multivalue=False, required=False)
option: Str('ipanttrusteddomainsid', attribute=True, cli_name='dom_sid', multivalue=False, required=False)
-option: Str('iparangetype', attribute=True, cli_name='iparangetype', multivalue=False, required=False)
+option: StrEnum('iparangetype', attribute=True, cli_name='type', multivalue=False, required=False, values=(u'ipa-ad-trust-posix', u'ipa-ad-trust', u'ipa-local', u'ipa-ad-winsync', u'ipa-ipa-trust'))
option: Int('ipasecondarybaserid', attribute=True, cli_name='secondary_rid_base', multivalue=False, required=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
option: Str('setattr*', cli_name='setattr', exclude='webui')
@@ -1994,7 +1994,7 @@ option: Int('ipabaseid', attribute=True, autofill=False, cli_name='base_id', mul
option: Int('ipabaserid', attribute=True, autofill=False, cli_name='rid_base', multivalue=False, query=True, required=False)
option: Int('ipaidrangesize', attribute=True, autofill=False, cli_name='range_size', multivalue=False, query=True, required=False)
option: Str('ipanttrusteddomainsid', attribute=True, autofill=False, cli_name='dom_sid', multivalue=False, query=True, required=False)
-option: Str('iparangetype', attribute=True, autofill=False, cli_name='iparangetype', multivalue=False, query=True, required=False)
+option: StrEnum('iparangetype', attribute=True, autofill=False, cli_name='type', multivalue=False, query=True, required=False, values=(u'ipa-ad-trust-posix', u'ipa-ad-trust', u'ipa-local', u'ipa-ad-winsync', u'ipa-ipa-trust'))
option: Int('ipasecondarybaserid', attribute=True, autofill=False, cli_name='secondary_rid_base', multivalue=False, query=True, required=False)
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
@@ -2006,7 +2006,7 @@ output: ListOfEntries('result', (type 'list', type 'tuple'), Gettext('A list
output: Output('summary', (type 'unicode', type 'NoneType'), None)
output: Output('truncated', type 'bool', None)
command: idrange_mod
-args: 1,14,3
+args: 1,13,3
arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
option: Str('addattr*', cli_name='addattr', exclude='webui')
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
@@ -2016,7 +2016,6 @@ option: Int('ipabaserid', attribute=True, autofill=False, cli_name='rid_base', m
option: Int('ipaidrangesize', attribute=True, autofill=False, cli_name='range_size', multivalue=False, required=False)
option: DeprecatedParam('ipanttrusteddomainname?')
option: DeprecatedParam('ipanttrusteddomainsid?')
-option: Str('iparangetype', attribute=True, autofill=False,
Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
On Fri, 07 Jun 2013, Tomas Babej wrote:
On 06/07/2013 03:41 PM, Alexander Bokovoy wrote:
Hi,
in patch 0061:
On Fri, 07 Jun 2013, Tomas Babej wrote:
+range_types = {
+u'ipa-local': unicode(_(u'local domain range')),
+u'ipa-ad-winsync': unicode(_('Active Directory winsync
range')),
+u'ipa-ad-trust': unicode(_('Active Directory domain range')),
+u'ipa-ad-trust-posix': unicode(_('Active Directory
trust range with '
+'POSIX attributes')),
+u'ipa-ipa-trust': unicode(_('IPA trust range')),
+ }
Why there is _(u'local domain range') and then others without Unicode
strings? Either way is fine but there should be consistency.
Sure, fixed.
The rest of this patch would be much shorter if there wouldn't
additional whitespace. Could you please git rid of that?
Whitespaces are intentional, these are fixes for PEP8 E302 errors.
If they are intentional, please send them as separate patch.
Sending the whole patchset updated.
Please split the whitespace fixes from the functional ones.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
On 06/05/2013 02:53 PM, Tomas Babej wrote:
On 06/03/2013 05:00 PM, Tomas Babej wrote:
Hi,
Sending rebased versions on top of current master.
Tomas
Hi,
A rebase was needed again.
I also fixed a bug in the update plugin, since it used case-sensitive
comparison of objectclasses.
Updated patcheset attached.
Tomas
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Patcheset updated with the changes required for the patch 67.
Tomas
From de961306fc4582c0e63d28f42ad60df6e956443b Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Thu, 30 May 2013 14:12:52 +0200
Subject: [PATCH] Extend idrange commands to support new range origin types
Following values of ipaRangeType attribute are supported
and translated accordingly in the idrange commands:
'ipa-local': 'local domain range'
'ipa-ad-winsync': 'Active Directory winsync range'
'ipa-ad-trust': 'Active Directory domain range'
'ipa-ad-trust-posix': 'Active Directory trust range with
POSIX attributes'
'ipa-ipa-trust': 'IPA trust range'
Part of https://fedorahosted.org/freeipa/ticket/3647
---
API.txt | 7 ++---
ipalib/plugins/idrange.py | 74 ++-
2 files changed, 63 insertions(+), 18 deletions(-)
diff --git a/API.txt b/API.txt
index 0a4b356e6f8a66d785e222f5941ff65a3cb484b7..1313460de66d8e12fc7a068cda0cf30658bcdd1b 100644
--- a/API.txt
+++ b/API.txt
@@ -1969,7 +1969,7 @@ option: Int('ipabaserid', attribute=True, cli_name='rid_base', multivalue=False,
option: Int('ipaidrangesize', attribute=True, cli_name='range_size', multivalue=False, required=True)
option: Str('ipanttrusteddomainname', attribute=False, cli_name='dom_name', multivalue=False, required=False)
option: Str('ipanttrusteddomainsid', attribute=True, cli_name='dom_sid', multivalue=False, required=False)
-option: Str('iparangetype', attribute=True, cli_name='iparangetype', multivalue=False, required=False)
+option: StrEnum('iparangetype', attribute=True, cli_name='type', multivalue=False, required=False, values=(u'ipa-ad-trust-posix', u'ipa-ad-trust', u'ipa-local', u'ipa-ad-winsync', u'ipa-ipa-trust'))
option: Int('ipasecondarybaserid', attribute=True, cli_name='secondary_rid_base', multivalue=False, required=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
option: Str('setattr*', cli_name='setattr', exclude='webui')
@@ -1994,7 +1994,7 @@ option: Int('ipabaseid', attribute=True, autofill=False, cli_name='base_id', mul
option: Int('ipabaserid', attribute=True, autofill=False, cli_name='rid_base', multivalue=False, query=True, required=False)
option: Int('ipaidrangesize', attribute=True, autofill=False, cli_name='range_size', multivalue=False, query=True, required=False)
option: Str('ipanttrusteddomainsid', attribute=True, autofill=False, cli_name='dom_sid', multivalue=False, query=True, required=False)
-option: Str('iparangetype', attribute=True, autofill=False, cli_name='iparangetype', multivalue=False, query=True, required=False)
+option: StrEnum('iparangetype', attribute=True, autofill=False, cli_name='type', multivalue=False, query=True, required=False, values=(u'ipa-ad-trust-posix', u'ipa-ad-trust', u'ipa-local', u'ipa-ad-winsync', u'ipa-ipa-trust'))
option: Int('ipasecondarybaserid', attribute=True, autofill=False, cli_name='secondary_rid_base', multivalue=False, query=True, required=False)
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
@@ -2006,7 +2006,7 @@ output: ListOfEntries('result', (type 'list', type 'tuple'), Gettext('A list
output: Output('summary', (type 'unicode', type 'NoneType'), None)
output: Output('truncated', type 'bool', None)
command: idrange_mod
-args: 1,14,3
+args: 1,13,3
arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
option: Str('addattr*', cli_name='addattr', exclude='webui')
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
@@ -2016,7 +2016,6 @@ option: Int('ipabaserid', attribute=True, autofill=False, cli_name='rid_base', m
option: Int('ipaidrangesize', attribute=True, autofill=False, cli_name='range_size', multivalue=False, required=False)
option: DeprecatedParam('ipanttrusteddomainname?')
option: DeprecatedParam('ipanttrusteddomainsid?')
-option: Str('iparangetype', attribute=True, autofill=False, cli_name='iparangetype', multivalue=False, required=False)
option: Int('ipasecondarybaserid', attribute=True, autofill=False, cli_name='secondary_rid_base', multivalue=False, required=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
option: Flag('rights', autofill=True, default=False)
diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py
index
Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
On Thu, 06 Jun 2013, Tomas Babej wrote: From 0580d3c03319c72d731d0598b19e633fc536b866 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Thu, 30 May 2013 14:07:09 +0200 Subject: [PATCH 62/63] Add update plugin to fill in ipaRangeType attribute Previously, we deduced the range type from the range objectclass and filled in virtual attribute in post_callback phase. Having a ipaRangeType attributeType in schema, we need to fill the attribute values to ranges created in previous IPA versions. The plugin follows the same approach, setting ipa-local or ipa-ad-trust value to the ipaRangeType attribute according to the objectclass of the range. Part of https://fedorahosted.org/freeipa/ticket/3647 You need also to fix bootstrap template as ipaRangeType now is mandatory attribute for the range class: - add objectClass: top ipaIDrange ipaDomainIDRange add cn: VDA.LI_id_range add ipaBaseID: 139340 add ipaIDRangeSize: 20 adding new entry cn=VDA.LI_id_range,cn=ranges,cn=etc,dc=vda,dc=li 2013-06-06T09:56:07Z DEBUG stderr=ldap_initialize( ldap://red.espoo.vda.li:389/??base ) ldap_add: Object class violation (65) additional info: missing attribute ipaRangeType required by object class ipaIDrange 2013-06-06T09:56:07Z CRITICAL Failed to load bootstrap-template.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpkOLzK2 -H ldap://red.espoo.vda.li:389 -x -D cn=Directory Manager -y /tmp/tmpHb7d4F' returned non-zero exit status 65 2013-06-06T09:56:07Z DEBUG duration: 3 seconds -- -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
On 06/03/2013 05:00 PM, Tomas Babej wrote:
Hi,
Sending rebased versions on top of current master.
Tomas
Hi,
A rebase was needed again.
I also fixed a bug in the update plugin, since it used case-sensitive
comparison of objectclasses.
Updated patcheset attached.
Tomas
From 0580d3c03319c72d731d0598b19e633fc536b866 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Thu, 30 May 2013 14:07:09 +0200
Subject: [PATCH 62/63] Add update plugin to fill in ipaRangeType attribute
Previously, we deduced the range type from the range objectclass
and filled in virtual attribute in post_callback phase.
Having a ipaRangeType attributeType in schema, we need to fill
the attribute values to ranges created in previous IPA versions.
The plugin follows the same approach, setting ipa-local or
ipa-ad-trust value to the ipaRangeType attribute according
to the objectclass of the range.
Part of https://fedorahosted.org/freeipa/ticket/3647
---
ipaserver/install/plugins/adtrust.py | 1 +
ipaserver/install/plugins/update_idranges.py | 116 +++
2 files changed, 117 insertions(+)
create mode 100644 ipaserver/install/plugins/update_idranges.py
diff --git a/ipaserver/install/plugins/adtrust.py b/ipaserver/install/plugins/adtrust.py
index 555a28b8f5333cae08e5f53d23b01f1093046eff..28358588b5693a8bb451f52a52bb8ef73747353b 100644
--- a/ipaserver/install/plugins/adtrust.py
+++ b/ipaserver/install/plugins/adtrust.py
@@ -62,6 +62,7 @@ class update_default_range(PostUpdate):
'cn:%s' % id_range_name,
'ipabaseid:%s' % id_range_base_id,
'ipaidrangesize:%s' % id_range_size,
+ 'iparangetype:ipa-local',
]
updates = {}
diff --git a/ipaserver/install/plugins/update_idranges.py b/ipaserver/install/plugins/update_idranges.py
new file mode 100644
index ..c3df98af9f0f2c5ceae3360858f8c6de069646ce
--- /dev/null
+++ b/ipaserver/install/plugins/update_idranges.py
@@ -0,0 +1,116 @@
+# Authors:
+# Tomas Babej tba...@redhat.com
+#
+# Copyright (C) 2013 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+
+from ipaserver.install.plugins import MIDDLE
+from ipaserver.install.plugins.baseupdate import PostUpdate
+from ipalib import api, errors
+from ipapython.dn import DN
+from ipapython.ipa_log_manager import *
+
+
+class update_idrange_type(PostUpdate):
+
+Update all ID ranges that do not have ipaRangeType attribute filled.
+This applies to all ID ranges prior to IPA 3.3.
+
+
+order = MIDDLE
+
+def execute(self, **options):
+ldap = self.obj.backend
+
+base_dn = DN(api.env.container_ranges, api.env.basedn)
+search_filter = (((objectClass=ipaIDrange)(!(ipaRangeType=*
+root_logger.debug(update_idrange_type: search for ID ranges with no
+ type set)
+
+while True:
+# Run the search in loop to avoid issues when LDAP limits are hit
+# during update
+
+try:
+(entries, truncated) = ldap.find_entries(search_filter,
+['objectclass'], base_dn, time_limit=0, size_limit=0)
+
+except errors.NotFound:
+root_logger.debug(update_idrange_type: no ID range without
+ type set found)
+return (False, False, [])
+
+except errors.ExecutionError, e:
+root_logger.error(update_idrange_type: cannot retrieve list
+ of ranges with no type set: %s, e)
+return (False, False, [])
+
+if not entries:
+# No entry was returned, rather break than continue cycling
+root_logger.debug(update_idrange_type: no ID range was
+ returned)
+return (False, False, [])
+
+root_logger.debug(update_idrange_type: found %d
+ idranges to update, truncated: %s,
+ len(entries), truncated)
+
+error = False
+
+# Set the range type
+for dn, entry in entries:
+update = {}
+
+objectclasses = [o.lower()
[Freeipa-devel] [PATCHES 0061-0063] Extend ID range types rebased
Hi, Sending rebased versions on top of current master. Tomas From 589be38f4e34fc759fc9aff580f2d17e0eae52bb Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Thu, 30 May 2013 14:02:44 +0200 Subject: [PATCH 61/63] Add ipaRangeType attribute to LDAP Schema This adds a new LDAP attribute ipaRangeType with OID 2.16.840.1.113730.3.8.11.41 to the LDAP Schema. ObjectClass ipaIDrange has been altered to require ipaRangeType attribute. Part of https://fedorahosted.org/freeipa/ticket/3647 --- install/share/60basev3.ldif | 3 ++- install/updates/62-ranges.update | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/install/share/60basev3.ldif b/install/share/60basev3.ldif index 435948faefb66870aba20248ef88fae90505609c..b84789e25d75033f18fa5b70f69d852ddf35b7ca 100644 --- a/install/share/60basev3.ldif +++ b/install/share/60basev3.ldif @@ -37,6 +37,7 @@ attributeTypes: (2.16.840.1.113730.3.8.11.36 NAME 'ipaSecondaryBaseRID' DESC 'Fi attributeTypes: (2.16.840.1.113730.3.8.11.38 NAME 'ipaNTSIDBlacklistIncoming' DESC 'Extra SIDs filtered out from incoming MS-PAC' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'IPA v3') attributeTypes: (2.16.840.1.113730.3.8.11.39 NAME 'ipaNTSIDBlacklistOutgoing' DESC 'Extra SIDs filtered out from outgoing MS-PAC' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'IPA v3') attributeTypes: (2.16.840.1.113730.3.8.11.40 NAME 'ipaUserAuthType' DESC 'Allowed authentication methods' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v3') +attributeTypes: (2.16.840.1.113730.3.8.11.41 NAME 'ipaRangeType' DESC 'Range type' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'IPA v3' ) objectClasses: (2.16.840.1.113730.3.8.12.1 NAME 'ipaExternalGroup' SUP top STRUCTURAL MUST ( cn ) MAY ( ipaExternalMember $ memberOf $ description $ owner) X-ORIGIN 'IPA v3' ) objectClasses: (2.16.840.1.113730.3.8.12.2 NAME 'ipaNTUserAttrs' SUP top AUXILIARY MUST ( ipaNTSecurityIdentifier ) MAY ( ipaNTHash $ ipaNTLogonScript $ ipaNTProfilePath $ ipaNTHomeDirectory $ ipaNTHomeDirectoryDrive ) X-ORIGIN 'IPA v3' ) objectClasses: (2.16.840.1.113730.3.8.12.3 NAME 'ipaNTGroupAttrs' SUP top AUXILIARY MUST ( ipaNTSecurityIdentifier ) X-ORIGIN 'IPA v3' ) @@ -49,7 +50,7 @@ objectClasses: (2.16.840.1.113730.3.8.12.11 NAME 'ipaSshGroupOfPubKeys' ABSTRACT objectClasses: (2.16.840.1.113730.3.8.12.12 NAME 'ipaSshUser' SUP ipaSshGroupOfPubKeys AUXILIARY X-ORIGIN 'IPA v3' ) objectClasses: (2.16.840.1.113730.3.8.12.13 NAME 'ipaSshHost' SUP ipaSshGroupOfPubKeys AUXILIARY X-ORIGIN 'IPA v3' ) objectClasses: (2.16.840.1.113730.3.8.12.14 NAME 'ipaIDobject' SUP top AUXILIARY MAY ( uidNumber $ gidNumber $ ipaNTSecurityIdentifier ) X-ORIGIN 'IPA v3' ) -objectClasses: (2.16.840.1.113730.3.8.12.15 NAME 'ipaIDrange' ABSTRACT MUST ( cn $ ipaBaseID $ ipaIDRangeSize ) X-ORIGIN 'IPA v3' ) +objectClasses: (2.16.840.1.113730.3.8.12.15 NAME 'ipaIDrange' ABSTRACT MUST ( cn $ ipaBaseID $ ipaIDRangeSize $ ipaRangeType ) X-ORIGIN 'IPA v3' ) objectClasses: (2.16.840.1.113730.3.8.12.16 NAME 'ipaDomainIDRange' SUP ipaIDrange STRUCTURAL MAY ( ipaBaseRID $ ipaSecondaryBaseRID ) X-ORIGIN 'IPA v3' ) objectClasses: (2.16.840.1.113730.3.8.12.17 NAME 'ipaTrustedADDomainRange' SUP ipaIDrange STRUCTURAL MUST ( ipaBaseRID $ ipaNTTrustedDomainSID ) X-ORIGIN 'IPA v3' ) objectclasses: (2.16.840.1.113730.3.8.12.19 NAME 'ipaUserAuthTypeClass' SUP top AUXILIARY DESC 'Class for authentication methods definition' MAY ipaUserAuthType X-ORIGIN 'IPA v3') diff --git a/install/updates/62-ranges.update b/install/updates/62-ranges.update index 79d5326d6000d038923b2a92dcdec98370fa90f4..c2eb6dca7077aebf56b06b39710b3c46db799aed 100644 --- a/install/updates/62-ranges.update +++ b/install/updates/62-ranges.update @@ -3,10 +3,12 @@ add:attributeTypes: (2.16.840.1.113730.3.8.11.33 NAME 'ipaBaseID' DESC 'First va add:attributeTypes: (2.16.840.1.113730.3.8.11.34 NAME 'ipaIDRangeSize' DESC 'Size of a Posix ID range' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA v3' ) add:attributeTypes: (2.16.840.1.113730.3.8.11.35 NAME 'ipaBaseRID' DESC 'First value of a RID range' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA v3' ) add:attributeTypes: (2.16.840.1.113730.3.8.11.36 NAME 'ipaSecondaryBaseRID' DESC 'First value of a secondary RID range' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA v3' ) +add:attributeTypes: (2.16.840.1.113730.3.8.11.41 NAME 'ipaRangeType' DESC 'Range type' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'IPA v3' ) add:objectClasses: (2.16.840.1.113730.3.8.12.14 NAME 'ipaIDobject'
