Provide available attributes for all objects for use in creating
permissions (ACIs). This is provided in the metadata call.
Also tell whether an object is bindable (has password or kerberos key)
for use in the future selfservice plugin.
rob
From 7ccf39c8797b74853d279f1c6698b33d06a1e319 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Thu, 2 Dec 2010 11:05:54 -0500
Subject: [PATCH] Provide list of available attributes for use in ACI UI.
Also include flag indicating whether the object is bindable. This will
be used to determine if the object can have a selfservice ACI.
ticket 446
---
install/share/bootstrap-template.ldif |1 -
ipalib/plugins/baseldap.py| 23 ++-
ipalib/plugins/host.py|1 +
ipalib/plugins/internal.py|2 +-
ipalib/plugins/service.py |1 +
ipalib/plugins/user.py|1 +
6 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index 7946526..4f10f07 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -218,7 +218,6 @@ ipaUserObjectClasses: inetuser
ipaUserObjectClasses: posixaccount
ipaUserObjectClasses: krbprincipalaux
ipaUserObjectClasses: krbticketpolicyaux
-ipaUserObjectClasses: radiusprofile
ipaUserObjectClasses: ipaobject
ipaDefaultEmailDomain: $DOMAIN
ipaMigrationEnabled: FALSE
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 3894e18..7d382f9 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -197,6 +197,8 @@ class LDAPObject(Object):
uuid_attribute = ''
attribute_members = {}
rdnattr = None
+# Can bind as this entry (has userPassword or krbPrincipalKey)
+bindable = False
container_not_found_msg = _('container entry (%(container)s) not found')
parent_not_found_msg = _('%(parent)s: %(oname)s not found')
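Review bot: The comment on `bindable` reads as if it describes an individual entry ("has userPassword or krbPrincipalKey"), but the flag is a class attribute set once per object type (`host`, `service` and `user` set it to True in later hunks). Since the commit message says it will decide whether an object can have a selfservice ACI, the comment should state that it is a per-type hint and not a check that a given entry holds a credential, e.g. `# Entries of this type may carry userPassword or krbPrincipalKey; per-type hint for the UI, not a per-entry check`. The LDAPObject class body continues outside this hunk.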
@@ -293,14 +295,33 @@ class LDAPObject(Object):
'parent_object', 'container_dn', 'object_name', 'object_name_plural',
'object_class', 'object_class_config', 'default_attributes', 'label',
'hidden_attributes', 'uuid_attribute', 'attribute_members', 'name',
-'takes_params', 'rdn_attribute',
+'takes_params', 'rdn_attribute', 'bindable',
)
+
def __json__(self):
+ldap = self.backend
json_dict = dict(
(a, getattr(self, a)) for a in self.json_friendly_attributes
)
if self.primary_key:
json_dict['primary_key'] = self.primary_key.name
+objectclasses = self.object_class
+if self.object_class_config:
+config = ldap.get_ipa_config()[1]
+objectclasses = config.get(
+self.object_class_config, objectclasses
+)
+# Get list of available attributes for this object for use
+# in the ACI UI.
+attrs = self.api.Backend.ldap2.schema.attribute_types(objectclasses)
+attrlist = []
+# Go through the MUST first
+for (oid, attr) in attrs[0].iteritems():
+attrlist.append(attr.names[0])
+# And now the MAY
+for (oid, attr) in attrs[1].iteritems():
+attrlist.append(attr.names[0])
+json_dict['aciattrs'] = attrlist
json_dict['methods'] = [m for m in self.methods]
return json_dict
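Review bot: `aciattrs` is built from every MUST and MAY attribute of the object classes with no filtering, so for bindable types it will presumably include credential attributes such as userPassword and krbPrincipalKey and present them to the ACI UI as ordinary permission targets. Consider excluding or flagging them before the list is returned, for example `attrlist = [n for n in attrlist if n.lower() not in ('userpassword', 'krbprincipalkey')]`, or document that the UI must treat them specially. Separately, `__json__` now performs an LDAP read (`ldap.get_ipa_config()`) on each serialization and mixes `self.backend` with `self.api.Backend.ldap2`; using the one handle for both calls would be clearer, and the unused `oid` loop variable could go by iterating over the values only.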
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index a9589c6..437b7d5 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -165,6 +165,7 @@ class host(LDAPObject):
'memberof': ['hostgroup', 'netgroup', 'role'],
'managedby': ['host'],
}
+bindable = True
label = _('Hosts')
diff --git a/ipalib/plugins/internal.py b/ipalib/plugins/internal.py
index 708d829..ddef160 100644
--- a/ipalib/plugins/internal.py
+++ b/ipalib/plugins/internal.py
@@ -56,7 +56,7 @@ class json_metadata(Command):
((objname, json_serialize(self.api.Object[objname])), )
)
)
-retval= dict([(metadata,meta), (messages,dict())])
+retval= dict([(metadata,meta)])
else:
meta=dict(
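Review bot: Dropping the `messages` entry from `retval` in the single-object branch changes the shape of the metadata response, and the commit description does not mention it. The `else` branch starts at the end of this hunk and its return value is not visible here, so it is worth confirming that both branches return the same keys and that no client still reads `messages`. If the removal is intentional, a line in the commit message or a comment such as `# 'messages' is no longer part of the metadata reply` would make that clear.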
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index fbb1ff2..1e55599 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -237,6 +237,7 @@ class service(LDAPObject):
attribute_members = {
'managedby': ['host'],
}
+bindable = True
label = _('Services')
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 1bbb9b1..07b8e82 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -73,6 +73,7 @@ class user(LDAPObject):
'memberof': ['group', 'netgroup', 'role'],
}
rdnattr = 'uid'
+bindable = True
label = _('Users')
--
1.7.2.1