On Tuesday 16 of July 2013 17:11:46 Tomas Babej wrote:
> Hi,
>
> Make the interactive prompts interpret the following logic:
>
> - AD range (dom-sid/dom-name set):
> require RID base if not set
>
> - local range(dom-sid/dom-name not set):
> a) server with adtrust support:
>require both RID base and secondary RID base
> b) server without adtrust support:
>if any of RID base, secondary RID base set,
>require both of them
>
> https://fedorahosted.org/freeipa/ticket/3786
>
> Tomas
Too quick once again.
Tomas>From 327e0857254d7e7849e05c05836faba2ffc87e9b Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Tue, 16 Jul 2013 15:17:23 +0200
Subject: [PATCH] Refactor the interactive prompt logic in idrange_add
Make the interactive prompts interpret the following logic:
- AD range (dom-sid/dom-name set):
require RID base if not set
- local range(dom-sid/dom-name not set):
a) server with adtrust support:
require both RID base and secondary RID base
b) server without adtrust support:
if any of RID base, secondary RID base set,
require both of them
https://fedorahosted.org/freeipa/ticket/3786
---
ipalib/plugins/idrange.py | 65 ++-
1 file changed, 36 insertions(+), 29 deletions(-)
diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py
index 7f8c1ab7b265230c3dd5b0263f763ddf398c..916641e455ed57bc17f2bd22999ed588ae57300b 100644
--- a/ipalib/plugins/idrange.py
+++ b/ipalib/plugins/idrange.py
@@ -394,40 +394,47 @@ class idrange_add(LDAPCreate):
dom_sid_set = any(dom_id in kw for dom_id in
('ipanttrusteddomainname', 'ipanttrusteddomainsid'))
-rid_base_set = 'ipabaserid' in kw
-secondary_rid_base_set = 'ipasecondarybaserid' in kw
+rid_base = kw.get('ipabaserid', None)
+secondary_rid_base = kw.get('ipasecondarybaserid', None)
-# Prompt for RID base if domain SID / name was given
-if dom_sid_set and not rid_base_set:
-value = self.prompt_param(self.params['ipabaserid'])
-kw.update(dict(ipabaserid=value))
+def set_from_prompt(param):
+value = self.prompt_param(self.params[param])
+update = {param: value}
+kw.update(update)
-if not dom_sid_set:
-# Prompt for secondary RID base if RID base was given
-if rid_base_set and not secondary_rid_base_set:
-value = self.prompt_param(self.params['ipasecondarybaserid'])
-kw.update(dict(ipasecondarybaserid=value))
-
-# Symetrically, prompt for RID base if secondary RID base was given
-if not rid_base_set and secondary_rid_base_set:
-value = self.prompt_param(self.params['ipabaserid'])
-kw.update(dict(ipabaserid=value))
-
-# Prompt for rid-base and secondary-rid-base if ipa-adtrust-install
-# has been run on the system
-adtrust_is_enabled = api.Command['adtrust_is_enabled']()['result']
-
-if adtrust_is_enabled:
-rid_base = kw.get('ipabaserid', None)
-secondary_rid_base = kw.get('ipasecondarybaserid', None)
+if dom_sid_set:
+# This is a trusted range
+# Prompt for RID base if domain SID / name was given
if rid_base is None:
-value = self.prompt_param(self.params['ipabaserid'])
-kw.update(dict(ipabaserid=value))
+set_from_prompt('ipabaserid')
-if secondary_rid_base is None:
-value = self.prompt_param(self.params['ipasecondarybaserid'])
-kw.update(dict(ipasecondarybaserid=value))
+else:
+# This is a local range
+# Find out whether ipa-adtrust-install has been ran
+adtrust_is_enabled = api.Command['adtrust_is_enabled']()['result']
+
+if adtrust_is_enabled:
+# If ipa-adtrust-install has been ran, all local ranges
+# require both RID base and secondary RID base
+
+if rid_base is None:
+set_from_prompt('ipabaserid')
+
+if secondary_rid_base is None:
+set_from_prompt('ipasecondarybaserid')
+
+else:
+# This is a local range on a server with no adtrust support
+
+# Prompt for secondary RID base only if RID base was given
+if rid_base is not None and secondary_rid_base is None:
+set_from_prompt('ipasecondarybaserid')
+
+# Symetrically, prompt for RID base if secondary RID base was
+# given
+if rid_base is None and secondary_rid_base is not None:
+set_from_prompt('ipabaserid')
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
asser