Hi,

The following values of the ipaRangeType attribute are supported
and translated accordingly in the idrange commands:

'ipa-local': 'local domain range'
'ipa-ad-winsync': 'Active Directory winsync range'
'ipa-ad-trust': 'Active Directory domain range'
'ipa-ad-trust-posix': 'Active Directory trust range with
POSIX attributes'
'ipa-ipa-trust': 'IPA trust range'

Part of https://fedorahosted.org/freeipa/ticket/3647

Tomas
From 0248c9ea82e43d43d69429c264bbb4828c16be30 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Thu, 30 May 2013 14:12:52 +0200
Subject: [PATCH 63/63] Extend idrange commands to support new range origin
 types

Following values of ipaRangeType attribute are supported
and translated accordingly in the idrange commands:

 'ipa-local': 'local domain range'
 'ipa-ad-winsync': 'Active Directory winsync range'
 'ipa-ad-trust': 'Active Directory domain range'
 'ipa-ad-trust-posix': 'Active Directory trust range with
                        POSIX attributes'
 'ipa-ipa-trust': 'IPA trust range'

Part of https://fedorahosted.org/freeipa/ticket/3647
---
 ipalib/plugins/idrange.py | 43 ++++++++++++++++++++++++++++++++-----------
 1 file changed, 32 insertions(+), 11 deletions(-)

diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py
index 54f6fbb3e19b9aa01dfde2a8d0c5da4498632386..bc8ad997224be8bb0c8dbf5e8b90cfaa26e4507b 100644
--- a/ipalib/plugins/idrange.py
+++ b/ipalib/plugins/idrange.py
@@ -208,12 +208,22 @@ class idrange(LDAPObject):
         )
     )
 
+    range_types = {
+        'ipa-local': unicode(_(u'local domain range')),
+        'ipa-ad-winsync': unicode(_('Active Directory winsync range')),
+        'ipa-ad-trust': unicode(_('Active Directory domain range')),
+        'ipa-ad-trust-posix': unicode(_('Active Directory trust range with '
+                                        'POSIX attributes')),
+        'ipa-ipa-trust': unicode(_('IPA trust range')),
+                  }
+
     def handle_iparangetype(self, entry_attrs, options, keep_objectclass=False):
-        if not options.get('pkey_only', False):
-            if 'ipatrustedaddomainrange' in entry_attrs.get('objectclass', []):
-                entry_attrs['iparangetype'] = [unicode(_('Active Directory domain range'))]
-            else:
-                entry_attrs['iparangetype'] = [unicode(_(u'local domain range'))]
+        if not any((options.get('pkey_only', False),
+                    options.get('raw', False))):
+            range_type = entry_attrs['iparangetype'][0]
+            entry_attrs['iparangetype'] = self.range_types.get(range_type, None)
+
+        # Remove the objectclass
         if not keep_objectclass:
             if not options.get('all', False) or options.get('pkey_only', False):
                 entry_attrs.pop('objectclass', None)
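Review bot: `entry_attrs['iparangetype'][0]` in handle_iparangetype raises KeyError for any entry that arrives without the attribute, where the removed code derived the label from `objectclass` and could not fail; ranges stored before this change presumably have no ipaRangeType. The result is also assigned as a bare string, or `None` for an unrecognised type, while the old code always stored a one-element list. I would guard the lookup and keep the raw value as the fallback: `if 'iparangetype' in entry_attrs:` followed by `raw = entry_attrs['iparangetype'][0]` and `entry_attrs['iparangetype'] = [self.range_types.get(raw, raw)]`. Separately, `range_types` calls `unicode(_(...))` in the class body, so if `_` is lazy the labels are translated once at import rather than per request. The function may continue past the end of the hunk.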
@@ -385,7 +395,11 @@ class idrange_add(LDAPCreate):
                             'not be found. Please specify the SID directly '
                             'using dom-sid option.'))
 
+        # ipaNTTrustedDomainSID attribute set, this is AD Trusted domain range
         if is_set('ipanttrusteddomainsid'):
+            entry_attrs['objectclass'].append('ipatrustedaddomainrange')
+            entry_attrs['iparangetype'] = 'ipa-ad-trust'
+
             if is_set('ipasecondarybaserid'):
                 raise errors.ValidationError(name='ID Range setup',
                     error=_('Options dom-sid/dom-name and secondary-rid-base '
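Review bot: `entry_attrs['iparangetype'] = 'ipa-ad-trust'` stores a plain string, but post_callback later hands `entry_attrs` to handle_iparangetype, which reads `entry_attrs['iparangetype'][0]`. If the entry is not re-read from LDAP in between (not visible here), `[0]` yields `'i'` and the lookup returns `None`; assigning `['ipa-ad-trust']` avoids depending on that. The same applies to `'ipa-local'` in the else branch of the next hunk and to the assignment added in idrange_mod. The enclosing method starts and ends outside this hunk.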
@@ -398,11 +412,13 @@ class idrange_add(LDAPCreate):
 
             # Validate SID as the one of trusted domains
             self.obj.validate_trusted_domain_sid(entry_attrs['ipanttrusteddomainsid'])
-            # Finally, add trusted AD domain range object class
-            entry_attrs['objectclass'].append('ipatrustedaddomainrange')
 
+        # ipaNTTrustedDomainSID attribute not set, this is local domain range
         else:
-             # secondary base rid must be set if and only if base rid is set
+            entry_attrs['objectclass'].append('ipadomainidrange')
+            entry_attrs['iparangetype'] = 'ipa-local'
+
+            # secondary base rid must be set if and only if base rid is set
             if is_set('ipasecondarybaserid') != is_set('ipabaserid'):
                 raise errors.ValidationError(name='ID Range setup',
                     error=_('Options secondary-rid-base and rid-base must '
@@ -418,15 +434,15 @@ class idrange_add(LDAPCreate):
                            error=_("Primary RID range and secondary RID range"
                                " cannot overlap"))
 
-            entry_attrs['objectclass'].append('ipadomainidrange')
-
         return dn
 
     def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
         assert isinstance(dn, DN)
-        self.obj.handle_iparangetype(entry_attrs, options, keep_objectclass=True)
+        self.obj.handle_iparangetype(entry_attrs, options,
+                                     keep_objectclass=True)
         return dn
 
+
 class idrange_del(LDAPDelete):
     __doc__ = _('Delete an ID range.')
 
@@ -444,6 +460,7 @@ class idrange_del(LDAPDelete):
                 old_base_id, old_range_size, 0, 0)
         return dn
 
+
 class idrange_find(LDAPSearch):
     __doc__ = _('Search for ranges.')
 
@@ -463,6 +480,7 @@ class idrange_find(LDAPSearch):
             self.obj.handle_iparangetype(entry, options)
         return truncated
 
+
 class idrange_show(LDAPRetrieve):
     __doc__ = _('Display information about a range.')
 
@@ -476,6 +494,7 @@ class idrange_show(LDAPRetrieve):
         self.obj.handle_iparangetype(entry_attrs, options)
         return dn
 
+
 class idrange_mod(LDAPUpdate):
     __doc__ = _('Modify ID range.')
 
@@ -537,6 +556,7 @@ class idrange_mod(LDAPUpdate):
            # Add trusted AD domain range object class, if it wasn't there
             if not 'ipatrustedaddomainrange' in old_attrs['objectclass']:
                 entry_attrs['objectclass'].append('ipatrustedaddomainrange')
+                entry_attrs['iparangetype'] = 'ipa-ad-trust'
 
         else:
             # secondary base rid must be set if and only if base rid is set
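Review bot: The new `entry_attrs['iparangetype'] = 'ipa-ad-trust'` sits inside `if not 'ipatrustedaddomainrange' in old_attrs['objectclass']:`, so a range that already has the object class but no stored ipaRangeType is never given one on modify. Since handle_iparangetype now indexes the attribute unconditionally, such an entry would presumably fail on display instead of being labelled. Consider setting the type whenever the trusted branch is taken, or backfilling existing entries in an upgrade step; the visible part of the `else` branch adds no `'ipa-local'` assignment either. The method begins and continues outside this hunk.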
@@ -592,6 +612,7 @@ class idrange_mod(LDAPUpdate):
         self.obj.handle_iparangetype(entry_attrs, options)
         return dn
 
+
 api.register(idrange)
 api.register(idrange_add)
 api.register(idrange_mod)
-- 
1.8.1.4
