Ejemplo n.º 1
    def post_callback(self, ldap, entries, truncated, *args, **options):
        """Sort the result entries and post-process each one for output.

        ``entries`` is sorted in place by the first ``krbcanonicalname``
        value when the entry has one, otherwise by the first
        ``krbprincipalname`` value. With a truthy ``pkey_only`` option the
        per-entry processing is skipped. ``truncated`` is returned
        unchanged in every case.

        An entry whose certificate data makes ``set_certificate_attrs``
        raise ``CertificateFormatError`` is still returned: the failure is
        reported as a ``CertificateInvalid`` message, logged, and the
        ``usercertificate`` key is removed from that entry.
        """
        # Sorting is done here by hand rather than through the inherited
        # mechanisms.
        def sort_key(entry):
            name_attr = (
                'krbcanonicalname' if 'krbcanonicalname' in entry
                else 'krbprincipalname'
            )
            return entry[name_attr][0]

        entries.sort(key=sort_key)

        if not options.get('pkey_only', False):
            for entry_attrs in entries:
                self.obj.get_password_attributes(
                    ldap, entry_attrs.dn, entry_attrs)

                # Read the principal before certificate handling so it can
                # name the subject in the warning below.
                subject = entry_attrs['krbprincipalname']
                if isinstance(subject, (tuple, list)):
                    subject = subject[0]

                try:
                    set_certificate_attrs(entry_attrs)
                except errors.CertificateFormatError as cert_error:
                    # A malformed certificate must not fail the whole
                    # result set: warn, log, and drop the bad attribute.
                    invalid_cert = messages.CertificateInvalid(
                        subject=subject,
                        reason=cert_error,
                    )
                    self.add_message(invalid_cert)
                    # NOTE(review): the exception text reaches both the log
                    # and the returned message; confirm it cannot echo raw
                    # certificate bytes read from the directory.
                    logger.error("Invalid certificate: %s", cert_error)
                    # Only this entry object is edited; no write back to
                    # LDAP is visible in this method.
                    # NOTE(review): raises KeyError if 'usercertificate' is
                    # absent -- presumably the error is only raised when it
                    # is present; confirm.
                    del entry_attrs['usercertificate']

                set_kerberos_attrs(entry_attrs, options)
                rename_ipaallowedtoperform_from_ldap(entry_attrs, options)
                self.obj.populate_krbcanonicalname(entry_attrs, options)

        return truncated
Ejemplo n.º 2
    def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
        """Post-process a single entry for output and return its ``dn``.

        Password attributes, certificate attributes, Kerberos attributes,
        the ``ipaallowedtoperform`` renaming and the canonical principal
        name are applied to ``entry_attrs`` in that order.

        If ``set_certificate_attrs`` raises ``CertificateFormatError`` the
        call still succeeds: a ``CertificateInvalid`` message is added, the
        error is logged, and the ``usercertificate`` key is removed from
        ``entry_attrs``.
        """
        # assert is stripped under ``python -O``: this is a development-time
        # invariant, not input validation.
        assert isinstance(dn, DN)
        self.obj.get_password_attributes(ldap, dn, entry_attrs)

        # Read the principal before certificate handling so it can name the
        # subject in the warning below.
        subject = entry_attrs['krbprincipalname']
        if isinstance(subject, (tuple, list)):
            subject = subject[0]

        try:
            set_certificate_attrs(entry_attrs)
        except errors.CertificateFormatError as cert_error:
            invalid_cert = messages.CertificateInvalid(
                subject=subject,
                reason=cert_error,
            )
            self.add_message(invalid_cert)
            # NOTE(review): the exception text reaches both the log and the
            # returned message; confirm it cannot echo raw certificate bytes
            # read from the directory.
            self.log.error("Invalid certificate: {err}".format(err=cert_error))
            # Only this entry object is edited; no write back to LDAP is
            # visible in this method.
            # NOTE(review): raises KeyError if 'usercertificate' is absent --
            # presumably the error is only raised when it is present; confirm.
            del entry_attrs['usercertificate']

        set_kerberos_attrs(entry_attrs, options)
        rename_ipaallowedtoperform_from_ldap(entry_attrs, options)
        self.obj.populate_krbcanonicalname(entry_attrs, options)

        return dn