Re: [Freeipa-devel] [PATCH 0331, 0337] User plugin: allow multiple managers per user - CLI part
On 19.11.2015 14:57, David Kupka wrote: On 19/11/15 12:54, Martin Basti wrote: On 18.11.2015 16:10, Martin Basti wrote: On 12.11.2015 12:39, Martin Basti wrote: On 27.10.2015 14:59, Martin Basti wrote: On 20.10.2015 18:46, Martin Basti wrote: On 20.10.2015 16:07, Martin Basti wrote: On 20.10.2015 15:57, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5344 Patch attached. Test are failing, a fix in UserTracker has to be done (partially in my patch 329) SelfNACK, I forgot to add stageuser tests Updated patch attached. I extracted tests to the separate patch, tests do not work, I had issues with user and stageuser trackers. Patch to fix issues with --addattr and managers added and attached. The new one patch 0331 attached, patch 0337 is not needed anymore. This patch also fixes https://fedorahosted.org/freeipa/ticket/5387 updated patch attached. updated patch attached Works for me, ACK. Pushed to master: 457c9746709042e6f4f8f37a85ca8ad562962405 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0331, 0337] User plugin: allow multiple managers per user - CLI part
On 18.11.2015 16:10, Martin Basti wrote: On 12.11.2015 12:39, Martin Basti wrote: On 27.10.2015 14:59, Martin Basti wrote: On 20.10.2015 18:46, Martin Basti wrote: On 20.10.2015 16:07, Martin Basti wrote: On 20.10.2015 15:57, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5344 Patch attached. Test are failing, a fix in UserTracker has to be done (partially in my patch 329) SelfNACK, I forgot to add stageuser tests Updated patch attached. I extracted tests to the separate patch, tests do not work, I had issues with user and stageuser trackers. Patch to fix issues with --addattr and managers added and attached. The new one patch 0331 attached, patch 0337 is not needed anymore. This patch also fixes https://fedorahosted.org/freeipa/ticket/5387 updated patch attached. updated patch attached From 05e586484da12e136f86f7b5e50cb4703ea38333 Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Thu, 5 Nov 2015 17:11:23 +0100 Subject: [PATCH] Allow multiple managers per user - CLI part Added commands: * user-add-manager * user-remove-manager * stageuser-add-manager * stageuser-remove-manager Commit contains override of convert_attribute_members method in baseuser class that ensures the managers will be returned in 'manager' attribute due to backward compatibility instead of 'manager_user' as would be expected. https://fedorahosted.org/freeipa/ticket/5344 This patch also fixes: https://fedorahosted.org/freeipa/ticket/5387 --- API.txt | 44 +++ VERSION | 4 ++-- ipalib/plugins/baseuser.py | 50 ++--- ipalib/plugins/stageuser.py | 22 ++-- ipalib/plugins/user.py | 24 +++--- 5 files changed, 113 insertions(+), 31 deletions(-) diff --git a/API.txt b/API.txt index 873c6d54221a0c1657b5457bd9dceedb4adf06b3..0976c97213775d79da43ee382a0badbe029b7960 100644 --- a/API.txt +++ b/API.txt @@ -4248,6 +4248,17 @@ option: Str('version?', exclude='webui') output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) output: Output('summary', (, ), None) output: PrimaryKey('value', None, None) +command: stageuser_add_manager +args: 1,5,3 +arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, query=True, required=True) +option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') +option: Flag('no_members', autofill=True, default=False, exclude='webui') +option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') +option: Str('user*', alwaysask=True, cli_name='users', csv=True) +option: Str('version?', exclude='webui') +output: Output('completed', , None) +output: Output('failed', , None) +output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) command: stageuser_del args: 1,2,3 arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=True, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, query=True, required=True) @@ -4367,6 +4378,17 @@ option: Str('version?', exclude='webui') output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) output: Output('summary', (, ), None) output: PrimaryKey('value', None, None) +command: stageuser_remove_manager +args: 1,5,3 +arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, query=True, required=True) +option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') +option: Flag('no_members', autofill=True, default=False, exclude='webui') +option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') +option: Str('user*', alwaysask=True, cli_name='users', csv=True) +option: Str('version?', exclude='webui') +output: Output('completed', , None) +output: Output('failed', , None) +output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) command: stageuser_show args: 1,5,3 arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, query=True, required=True) @@ -5208,6 +5230,17 @@ option: Str('version?', exclude='webui') output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) output: Output('summary', (, ), None) output: PrimaryKey('value', None, None) +command: user_add_manager +args: 1,5,3 +arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True,
Re: [Freeipa-devel] [PATCH 0331, 0337] User plugin: allow multiple managers per user - CLI part
On 19/11/15 12:54, Martin Basti wrote: On 18.11.2015 16:10, Martin Basti wrote: On 12.11.2015 12:39, Martin Basti wrote: On 27.10.2015 14:59, Martin Basti wrote: On 20.10.2015 18:46, Martin Basti wrote: On 20.10.2015 16:07, Martin Basti wrote: On 20.10.2015 15:57, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5344 Patch attached. Test are failing, a fix in UserTracker has to be done (partially in my patch 329) SelfNACK, I forgot to add stageuser tests Updated patch attached. I extracted tests to the separate patch, tests do not work, I had issues with user and stageuser trackers. Patch to fix issues with --addattr and managers added and attached. The new one patch 0331 attached, patch 0337 is not needed anymore. This patch also fixes https://fedorahosted.org/freeipa/ticket/5387 updated patch attached. updated patch attached Works for me, ACK. -- David Kupka -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0331, 0337] User plugin: allow multiple managers per user - CLI part
On 12.11.2015 12:39, Martin Basti wrote: On 27.10.2015 14:59, Martin Basti wrote: On 20.10.2015 18:46, Martin Basti wrote: On 20.10.2015 16:07, Martin Basti wrote: On 20.10.2015 15:57, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5344 Patch attached. Test are failing, a fix in UserTracker has to be done (partially in my patch 329) SelfNACK, I forgot to add stageuser tests Updated patch attached. I extracted tests to the separate patch, tests do not work, I had issues with user and stageuser trackers. Patch to fix issues with --addattr and managers added and attached. The new one patch 0331 attached, patch 0337 is not needed anymore. This patch also fixes https://fedorahosted.org/freeipa/ticket/5387 updated patch attached. From c76b225561f2c8e9efba3d950eba9ce65c1ce7c4 Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Thu, 5 Nov 2015 17:11:23 +0100 Subject: [PATCH] Allow multiple managers per user - CLI part Added commands: * user-add-manager * user-remove-manager * stageuser-add-manager * stageuser-remove-manager Commit contains override of convert_attribute_members method in baseuser class that ensures the managers will be returned in 'manager' attribute due to backward compatibility instead of 'manager_user' as would be expected. https://fedorahosted.org/freeipa/ticket/5344 This patch also fixes: https://fedorahosted.org/freeipa/ticket/5387 --- API.txt | 44 ++ VERSION | 4 ++-- ipalib/plugins/baseuser.py | 58 - ipalib/plugins/stageuser.py | 22 - ipalib/plugins/user.py | 24 +-- 5 files changed, 120 insertions(+), 32 deletions(-) diff --git a/API.txt b/API.txt index 873c6d54221a0c1657b5457bd9dceedb4adf06b3..0976c97213775d79da43ee382a0badbe029b7960 100644 --- a/API.txt +++ b/API.txt @@ -4248,6 +4248,17 @@ option: Str('version?', exclude='webui') output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) output: Output('summary', (, ), None) output: PrimaryKey('value', None, None) +command: stageuser_add_manager +args: 1,5,3 +arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, query=True, required=True) +option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') +option: Flag('no_members', autofill=True, default=False, exclude='webui') +option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') +option: Str('user*', alwaysask=True, cli_name='users', csv=True) +option: Str('version?', exclude='webui') +output: Output('completed', , None) +output: Output('failed', , None) +output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) command: stageuser_del args: 1,2,3 arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=True, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, query=True, required=True) @@ -4367,6 +4378,17 @@ option: Str('version?', exclude='webui') output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) output: Output('summary', (, ), None) output: PrimaryKey('value', None, None) +command: stageuser_remove_manager +args: 1,5,3 +arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, query=True, required=True) +option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') +option: Flag('no_members', autofill=True, default=False, exclude='webui') +option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') +option: Str('user*', alwaysask=True, cli_name='users', csv=True) +option: Str('version?', exclude='webui') +output: Output('completed', , None) +output: Output('failed', , None) +output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) command: stageuser_show args: 1,5,3 arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, query=True, required=True) @@ -5208,6 +5230,17 @@ option: Str('version?', exclude='webui') output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) output: Output('summary', (, ), None) output: PrimaryKey('value', None, None) +command: user_add_manager +args: 1,5,3 +arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, query=True, required=True) +option: Flag('all', autofill=True, cli_name='all',
Re: [Freeipa-devel] [PATCH 0331, 0337] User plugin: allow multiple managers per user - CLI part
On 27.10.2015 14:59, Martin Basti wrote: On 20.10.2015 18:46, Martin Basti wrote: On 20.10.2015 16:07, Martin Basti wrote: On 20.10.2015 15:57, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5344 Patch attached. Test are failing, a fix in UserTracker has to be done (partially in my patch 329) SelfNACK, I forgot to add stageuser tests Updated patch attached. I extracted tests to the separate patch, tests do not work, I had issues with user and stageuser trackers. Patch to fix issues with --addattr and managers added and attached. The new one patch 0331 attached, patch 0337 is not needed anymore. This patch also fixes https://fedorahosted.org/freeipa/ticket/5387 From a85d8d2d0e1ab0aabe57c560bbd7a45527f5a7f7 Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Thu, 5 Nov 2015 17:11:23 +0100 Subject: [PATCH] Allow multiple managers per user - CLI part Added commands: * user-add-manager * user-remove-manager * stageuser-add-manager * stageuser-remove-manager Commit contains override of convert_attribute_members method in baseuser class that ensures the managers will be returned in 'manager' attribute due to backward compatibility instead of 'manager_user' as would be expected. https://fedorahosted.org/freeipa/ticket/5344 This patch also fixes: https://fedorahosted.org/freeipa/ticket/5387 --- API.txt | 44 VERSION | 4 ++-- ipalib/plugins/baseuser.py | 55 +++-- ipalib/plugins/stageuser.py | 22 +- ipalib/plugins/user.py | 24 ++-- 5 files changed, 117 insertions(+), 32 deletions(-) diff --git a/API.txt b/API.txt index 873c6d54221a0c1657b5457bd9dceedb4adf06b3..0976c97213775d79da43ee382a0badbe029b7960 100644 --- a/API.txt +++ b/API.txt @@ -4248,6 +4248,17 @@ option: Str('version?', exclude='webui') output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) output: Output('summary', (, ), None) output: PrimaryKey('value', None, None) +command: stageuser_add_manager +args: 1,5,3 +arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, query=True, required=True) +option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') +option: Flag('no_members', autofill=True, default=False, exclude='webui') +option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') +option: Str('user*', alwaysask=True, cli_name='users', csv=True) +option: Str('version?', exclude='webui') +output: Output('completed', , None) +output: Output('failed', , None) +output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) command: stageuser_del args: 1,2,3 arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=True, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, query=True, required=True) @@ -4367,6 +4378,17 @@ option: Str('version?', exclude='webui') output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) output: Output('summary', (, ), None) output: PrimaryKey('value', None, None) +command: stageuser_remove_manager +args: 1,5,3 +arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, query=True, required=True) +option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') +option: Flag('no_members', autofill=True, default=False, exclude='webui') +option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') +option: Str('user*', alwaysask=True, cli_name='users', csv=True) +option: Str('version?', exclude='webui') +output: Output('completed', , None) +output: Output('failed', , None) +output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) command: stageuser_show args: 1,5,3 arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, query=True, required=True) @@ -5208,6 +5230,17 @@ option: Str('version?', exclude='webui') output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) output: Output('summary', (, ), None) output: PrimaryKey('value', None, None) +command: user_add_manager +args: 1,5,3 +arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, query=True, required=True) +option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') +option: Flag('no_members',
Re: [Freeipa-devel] [PATCH 0331, 0337] User plugin: allow multiple managers per user - CLI part
On 20.10.2015 18:46, Martin Basti wrote: On 20.10.2015 16:07, Martin Basti wrote: On 20.10.2015 15:57, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5344 Patch attached. Test are failing, a fix in UserTracker has to be done (partially in my patch 329) SelfNACK, I forgot to add stageuser tests Updated patch attached. I extracted tests to the separate patch, tests do not work, I had issues with user and stageuser trackers. Patch to fix issues with --addattr and managers added and attached. From 7e301a11f7ea46cff25cb0d6fa13058c69ae530c Mon Sep 17 00:00:00 2001 From: Martin BastiDate: Tue, 27 Oct 2015 13:42:49 +0100 Subject: [PATCH] Fix --add-attr with multiple managers Framework expects managers as unicode, but if there was a manager in LDAP specified, it was returned as DN, which caused parameter conversion error. Normalize method was added to manager parameter which convert DN to manager login. https://fedorahosted.org/freeipa/ticket/5344 --- ipalib/plugins/baseuser.py | 18 ++ 1 file changed, 18 insertions(+) diff --git a/ipalib/plugins/baseuser.py b/ipalib/plugins/baseuser.py index da4883ccec906472ed2e82f5c61ef91c9b2049e9..4d6bf1dfca7c94aba31f1f8d0125f1065271613f 100644 --- a/ipalib/plugins/baseuser.py +++ b/ipalib/plugins/baseuser.py @@ -153,6 +153,23 @@ def normalize_principal(principal): return unicode('%s@%s' % (user, realm)) +def _convert_manager(manager): +# convert DN to unicode, otherwise --addattr call will not work +# validation of manager is done later, just extract manager login from DN +if not manager: +return manager + +if isinstance(manager, DN): +try: +return manager['uid'] +except KeyError: +raise errors.ConversionError( +_("DN of the manager does not contain 'uid'") +) + + +return manager + def fix_addressbook_permission_bindrule(name, template, is_new, anonymous_read_aci, @@ -340,6 +357,7 @@ class baseuser(LDAPObject): ), Str('manager*', label=_('Manager'), +normalizer=_convert_manager, ), Str('carlicense*', label=_('Car License'), -- 2.4.3 From 250c5d3f2f5e47b19c628115ecd9df8a71d357dc Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Tue, 20 Oct 2015 18:39:57 +0200 Subject: [PATCH] Allow multiple managers per user - CLI part https://fedorahosted.org/freeipa/ticket/5344 --- API.txt| 12 ++-- VERSION| 4 ++-- ipalib/plugins/baseuser.py | 7 +-- 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/API.txt b/API.txt index 873c6d54221a0c1657b5457bd9dceedb4adf06b3..896df430aaa1952c0fe4af4672b78f1ad11da45e 100644 --- a/API.txt +++ b/API.txt @@ -4225,7 +4225,7 @@ option: Str('krbprincipalname', attribute=True, autofill=True, cli_name='princip option: Str('l', attribute=True, cli_name='city', multivalue=False, required=False) option: Str('loginshell', attribute=True, cli_name='shell', multivalue=False, required=False) option: Str('mail', attribute=True, cli_name='email', multivalue=True, required=False) -option: Str('manager', attribute=True, cli_name='manager', multivalue=False, required=False) +option: Str('manager', attribute=True, cli_name='manager', multivalue=True, required=False) option: Str('mobile', attribute=True, cli_name='mobile', multivalue=True, required=False) option: Flag('no_members', autofill=True, default=False, exclude='webui') option: Str('ou', attribute=True, cli_name='orgunit', multivalue=False, required=False) @@ -4285,7 +4285,7 @@ option: Str('krbprincipalname', attribute=True, autofill=False, cli_name='princi option: Str('l', attribute=True, autofill=False, cli_name='city', multivalue=False, query=True, required=False) option: Str('loginshell', attribute=True, autofill=False, cli_name='shell', multivalue=False, query=True, required=False) option: Str('mail', attribute=True, autofill=False, cli_name='email', multivalue=True, query=True, required=False) -option: Str('manager', attribute=True, autofill=False, cli_name='manager', multivalue=False, query=True, required=False) +option: Str('manager', attribute=True, autofill=False, cli_name='manager', multivalue=True, query=True, required=False) option: Str('mobile', attribute=True, autofill=False, cli_name='mobile', multivalue=True, query=True, required=False) option: Flag('no_members', autofill=True, default=False, exclude='webui') option: Str('not_in_group*', cli_name='not_in_groups', csv=True) @@ -4342,7 +4342,7 @@ option: DateTime('krbprincipalexpiration', attribute=True, autofill=False, cli_n option: Str('l', attribute=True, autofill=False, cli_name='city', multivalue=False, required=False) option: Str('loginshell', attribute=True, autofill=False, cli_name='shell', multivalue=False, required=False) option: