Hi, the following values of the ipaRangeType attribute are supported and translated accordingly in the idrange commands:
'ipa-local': 'local domain range' 'ipa-ad-winsync': 'Active Directory winsync range' 'ipa-ad-trust': 'Active Directory domain range' 'ipa-ad-trust-posix': 'Active Directory trust range with POSIX attributes' 'ipa-ipa-trust': 'IPA trust range' Part of https://fedorahosted.org/freeipa/ticket/3647 Tomas
From 0248c9ea82e43d43d69429c264bbb4828c16be30 Mon Sep 17 00:00:00 2001 From: Tomas Babej <tba...@redhat.com> Date: Thu, 30 May 2013 14:12:52 +0200 Subject: [PATCH 63/63] Extend idrange commands to support new range origin types Following values of ipaRangeType attribute are supported and translated accordingly in the idrange commands: 'ipa-local': 'local domain range' 'ipa-ad-winsync': 'Active Directory winsync range' 'ipa-ad-trust': 'Active Directory domain range' 'ipa-ad-trust-posix': 'Active Directory trust range with POSIX attributes' 'ipa-ipa-trust': 'IPA trust range' Part of https://fedorahosted.org/freeipa/ticket/3647 --- ipalib/plugins/idrange.py | 43 ++++++++++++++++++++++++++++++++----------- 1 file changed, 32 insertions(+), 11 deletions(-) diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py index 54f6fbb3e19b9aa01dfde2a8d0c5da4498632386..bc8ad997224be8bb0c8dbf5e8b90cfaa26e4507b 100644 --- a/ipalib/plugins/idrange.py +++ b/ipalib/plugins/idrange.py 
@@ -208,12 +208,22 @@ class idrange(LDAPObject): ) ) + range_types = { + 'ipa-local': unicode(_(u'local domain range')), + 'ipa-ad-winsync': unicode(_('Active Directory winsync range')), + 'ipa-ad-trust': unicode(_('Active Directory domain range')), + 'ipa-ad-trust-posix': unicode(_('Active Directory trust range with ' + 'POSIX attributes')), + 'ipa-ipa-trust': unicode(_('IPA trust range')), + } + def handle_iparangetype(self, entry_attrs, options, keep_objectclass=False): - if not options.get('pkey_only', False): - if 'ipatrustedaddomainrange' in entry_attrs.get('objectclass', []): - entry_attrs['iparangetype'] = [unicode(_('Active Directory domain range'))] - else: - entry_attrs['iparangetype'] = [unicode(_(u'local domain range'))] + if not any((options.get('pkey_only', False), + options.get('raw', False))): + range_type = entry_attrs['iparangetype'][0] + entry_attrs['iparangetype'] = self.range_types.get(range_type, None) + + # Remove the objectclass if not keep_objectclass: if not options.get('all', False) or options.get('pkey_only', False): entry_attrs.pop('objectclass', None) @@ -385,7 +395,11 @@ class idrange_add(LDAPCreate): 'not be found. Please specify the SID directly ' 'using dom-sid option.')) + # ipaNTTrustedDomainSID attribute set, this is AD Trusted domain range if is_set('ipanttrusteddomainsid'): + entry_attrs['objectclass'].append('ipatrustedaddomainrange') + entry_attrs['iparangetype'] = 'ipa-ad-trust' + if is_set('ipasecondarybaserid'): raise errors.ValidationError(name='ID Range setup', error=_('Options dom-sid/dom-name and secondary-rid-base ' 
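Review bot: In `handle_iparangetype`, `entry_attrs['iparangetype'][0]` raises KeyError for any range entry that carries no ipaRangeType value, which the removed code tolerated because it derived the label from `objectclass`. Entries written before this change, or result sets that do not include the attribute, would presumably hit this through the idrange_find and idrange_show call sites visible as context further down. The new assignment also stores a bare string (or `None` for an unrecognised type) where the old code stored a one-element list, so consumers of the result see a different shape. Consider `range_type = entry_attrs.get('iparangetype', [None])[0]` followed by `entry_attrs['iparangetype'] = [self.range_types.get(range_type, range_type)]`, so an unknown value is shown as stored rather than replaced by `None`.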
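Review bot: `entry_attrs['iparangetype'] = 'ipa-ad-trust'` in idrange_add stores a bare string, while `handle_iparangetype` reads the attribute with `[0]`; if post_callback is ever handed this dict rather than a re-read LDAP entry, the lookup key becomes `'i'` and the displayed type becomes `None`. Writing `entry_attrs['iparangetype'] = ['ipa-ad-trust']` keeps the value in the same list form as `objectclass`, and the same applies to the `'ipa-local'` assignment in the following hunk and to the one added in idrange_mod. The type is also chosen only from whether `ipanttrusteddomainsid` is set, so 'ipa-ad-winsync', 'ipa-ad-trust-posix' and 'ipa-ipa-trust' from `range_types` cannot be produced by this code; a comment such as `# only 'ipa-ad-trust' and 'ipa-local' are assigned here; other types are display-only for now` would make that explicit. The enclosing function starts and ends outside this hunk.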
@@ -398,11 +412,13 @@ class idrange_add(LDAPCreate): # Validate SID as the one of trusted domains self.obj.validate_trusted_domain_sid(entry_attrs['ipanttrusteddomainsid']) - # Finally, add trusted AD domain range object class - entry_attrs['objectclass'].append('ipatrustedaddomainrange') + # ipaNTTrustedDomainSID attribute not set, this is local domain range else: - # secondary base rid must be set if and only if base rid is set + entry_attrs['objectclass'].append('ipadomainidrange') + entry_attrs['iparangetype'] = 'ipa-local' + + # secondary base rid must be set if and only if base rid is set if is_set('ipasecondarybaserid') != is_set('ipabaserid'): raise errors.ValidationError(name='ID Range setup', error=_('Options secondary-rid-base and rid-base must ' @@ -418,15 +434,15 @@ class idrange_add(LDAPCreate): error=_("Primary RID range and secondary RID range" " cannot overlap")) - entry_attrs['objectclass'].append('ipadomainidrange') - return dn def post_callback(self, ldap, dn, entry_attrs, *keys, **options): assert isinstance(dn, DN) - self.obj.handle_iparangetype(entry_attrs, options, keep_objectclass=True) + self.obj.handle_iparangetype(entry_attrs, options, + keep_objectclass=True) return dn + class idrange_del(LDAPDelete): __doc__ = _('Delete an ID range.') @@ -444,6 +460,7 @@ class idrange_del(LDAPDelete): old_base_id, old_range_size, 0, 0) return dn + class idrange_find(LDAPSearch): __doc__ = _('Search for ranges.') @@ -463,6 +480,7 @@ class idrange_find(LDAPSearch): self.obj.handle_iparangetype(entry, options) return truncated + class idrange_show(LDAPRetrieve): __doc__ = _('Display information about a range.') @@ -476,6 +494,7 @@ class idrange_show(LDAPRetrieve): self.obj.handle_iparangetype(entry_attrs, options) return dn + class idrange_mod(LDAPUpdate): __doc__ = _('Modify ID range.') 
@@ -537,6 +556,7 @@ class idrange_mod(LDAPUpdate): # Add trusted AD domain range object class, if it wasn't there if not 'ipatrustedaddomainrange' in old_attrs['objectclass']: entry_attrs['objectclass'].append('ipatrustedaddomainrange') + entry_attrs['iparangetype'] = 'ipa-ad-trust' else: # secondary base rid must be set if and only if base rid is set @@ -592,6 +612,7 @@ class idrange_mod(LDAPUpdate): self.obj.handle_iparangetype(entry_attrs, options) return dn + api.register(idrange) api.register(idrange_add) api.register(idrange_mod) -- 1.8.1.4
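Review bot: In idrange_mod the new `entry_attrs['iparangetype'] = 'ipa-ad-trust'` sits inside `if not 'ipatrustedaddomainrange' in old_attrs['objectclass']`, so a range that already carries that object class but has no ipaRangeType still has none after a modify. Such an entry may then reach `self.obj.handle_iparangetype(entry_attrs, options)`, shown as context in the last hunk, which now indexes `entry_attrs['iparangetype']` unconditionally. Setting the type one level up, outside the object-class check, would backfill those entries; the `else:` branch for local ranges likewise sets no `'ipa-local'` value in the lines shown. The enclosing branch begins outside this hunk, so the exact condition should be confirmed before moving the assignment.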