class hbactest(Command):
__doc__ = _("Simulate use of Host-based access controls")
takes_options = (
parameters.Str(
'user',
label=_(u'User name'),
),
parameters.Str(
'sourcehost',
required=False,
cli_name='srchost',
label=_(u'Source host'),
),
parameters.Str(
'targethost',
cli_name='host',
label=_(u'Target host'),
),
parameters.Str(
'service',
label=_(u'Service'),
),
parameters.Str(
'rules',
required=False,
multivalue=True,
label=_(u'Rules to test. If not specified, --enabled is assumed'),
),
parameters.Flag(
'nodetail',
required=False,
label=_(
u'Hide details which rules are matched, not matched, or invalid'
),
default=False,
autofill=True,
),
parameters.Flag(
'enabled',
required=False,
label=_(u'Include all enabled IPA rules into test [default]'),
default=False,
autofill=True,
),
parameters.Flag(
'disabled',
required=False,
label=_(u'Include all disabled IPA rules into test'),
default=False,
autofill=True,
),
parameters.Int(
'sizelimit',
required=False,
label=_(u'Size Limit'),
doc=
_(u'Maximum number of rules to process when no --rules is specified'
),
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Output(
'warning',
(list, tuple, type(None)),
doc=_(u'Warning'),
),
output.Output(
'matched',
(list, tuple, type(None)),
doc=_(u'Matched rules'),
),
output.Output(
'notmatched',
(list, tuple, type(None)),
doc=_(u'Not matched rules'),
),
output.Output(
'error',
(list, tuple, type(None)),
doc=_(u'Non-existent or invalid rules'),
),
output.Output(
'value',
bool,
doc=_(u'Result of simulation'),
),
)
class host_disallow_retrieve_keytab(Method):
__doc__ = _("Disallow users, groups, hosts or host groups to retrieve a keytab of this host.")
takes_args = (
parameters.Str(
'fqdn',
cli_name='hostname',
label=_(u'Host name'),
no_convert=True,
),
)
takes_options = (
parameters.Flag(
'all',
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=_(u'Print entries as stored on the server. Only affects output format.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'no_members',
doc=_(u'Suppress processing of membership attributes.'),
exclude=('webui', 'cli'),
default=False,
autofill=True,
),
parameters.Str(
'user',
required=False,
multivalue=True,
cli_name='users',
label=_(u'member user'),
doc=_(u'users to remove'),
alwaysask=True,
),
parameters.Str(
'group',
required=False,
multivalue=True,
cli_name='groups',
label=_(u'member group'),
doc=_(u'groups to remove'),
alwaysask=True,
),
parameters.Str(
'host',
required=False,
multivalue=True,
cli_name='hosts',
label=_(u'member host'),
doc=_(u'hosts to remove'),
alwaysask=True,
),
parameters.Str(
'hostgroup',
required=False,
multivalue=True,
cli_name='hostgroups',
label=_(u'member host group'),
doc=_(u'host groups to remove'),
alwaysask=True,
),
)
has_output = (
output.Entry(
'result',
),
output.Output(
'failed',
dict,
doc=_(u'Members that could not be removed'),
),
output.Output(
'completed',
int,
doc=_(u'Number of members removed'),
),
)
class otpconfig_mod(Method):
__doc__ = _("Modify OTP configuration options.")
takes_options = (
parameters.Int(
'ipatokentotpauthwindow',
required=False,
cli_name='totp_auth_window',
label=_(u'TOTP authentication Window'),
doc=_(u'TOTP authentication time variance (seconds)'),
),
parameters.Int(
'ipatokentotpsyncwindow',
required=False,
cli_name='totp_sync_window',
label=_(u'TOTP Synchronization Window'),
doc=_(u'TOTP synchronization time variance (seconds)'),
),
parameters.Int(
'ipatokenhotpauthwindow',
required=False,
cli_name='hotp_auth_window',
label=_(u'HOTP Authentication Window'),
doc=_(u'HOTP authentication skip-ahead'),
),
parameters.Int(
'ipatokenhotpsyncwindow',
required=False,
cli_name='hotp_sync_window',
label=_(u'HOTP Synchronization Window'),
doc=_(u'HOTP synchronization skip-ahead'),
),
parameters.Str(
'setattr',
required=False,
multivalue=True,
doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
exclude=('webui',),
),
parameters.Str(
'addattr',
required=False,
multivalue=True,
doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
exclude=('webui',),
),
parameters.Str(
'delattr',
required=False,
multivalue=True,
doc=_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'),
exclude=('webui',),
),
parameters.Flag(
'rights',
label=_(u'Rights'),
doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
default=False,
autofill=True,
),
parameters.Flag(
'all',
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=_(u'Print entries as stored on the server. Only affects output format.'),
exclude=('webui',),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry(
'result',
),
output.PrimaryKey(
'value',
doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class group_mod(Method):
__doc__ = _("Modify a group.")
takes_args = (parameters.Str(
'cn',
cli_name='group_name',
label=_(u'Group name'),
no_convert=True,
), )
takes_options = (
parameters.Str(
'description',
required=False,
cli_name='desc',
label=_(u'Description'),
doc=_(u'Group description'),
),
parameters.Int(
'gidnumber',
required=False,
cli_name='gid',
label=_(u'GID'),
doc=_(u'GID (use this option to set it manually)'),
),
parameters.Str(
'setattr',
required=False,
multivalue=True,
doc=
_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'
),
exclude=('webui', ),
),
parameters.Str(
'addattr',
required=False,
multivalue=True,
doc=
_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'
),
exclude=('webui', ),
),
parameters.Str(
'delattr',
required=False,
multivalue=True,
doc=
_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'
),
exclude=('webui', ),
),
parameters.Flag(
'rights',
label=_(u'Rights'),
doc=
_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'
),
default=False,
autofill=True,
),
parameters.Flag(
'posix',
doc=_(u'change to a POSIX group'),
default=False,
autofill=True,
),
parameters.Flag(
'external',
doc=
_(u'change to support external non-IPA members from trusted domains'
),
default=False,
autofill=True,
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'no_members',
doc=_(u'Suppress processing of membership attributes.'),
exclude=('webui', 'cli'),
default=False,
autofill=True,
),
parameters.Str(
'rename',
required=False,
label=_(u'Rename'),
doc=_(u'Rename the group object'),
no_convert=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry('result', ),
output.PrimaryKey(
'value',
doc=_(
u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class host_add(Method):
__doc__ = _("Add a new host.")
takes_args = (
parameters.Str(
'fqdn',
cli_name='hostname',
label=_(u'Host name'),
no_convert=True,
),
)
takes_options = (
parameters.Str(
'description',
required=False,
cli_name='desc',
label=_(u'Description'),
doc=_(u'A description of this host'),
),
parameters.Str(
'l',
required=False,
cli_name='locality',
label=_(u'Locality'),
doc=_(u'Host locality (e.g. "Baltimore, MD")'),
),
parameters.Str(
'nshostlocation',
required=False,
cli_name='location',
label=_(u'Location'),
doc=_(u'Host location (e.g. "Lab 2")'),
),
parameters.Str(
'nshardwareplatform',
required=False,
cli_name='platform',
label=_(u'Platform'),
doc=_(u'Host hardware platform (e.g. "Lenovo T61")'),
),
parameters.Str(
'nsosversion',
required=False,
cli_name='os',
label=_(u'Operating system'),
doc=_(u'Host operating system and version (e.g. "Fedora 9")'),
),
parameters.Str(
'userpassword',
required=False,
cli_name='password',
label=_(u'User password'),
doc=_(u'Password used in bulk enrollment'),
),
parameters.Flag(
'random',
required=False,
doc=_(u'Generate a random password to be used in bulk enrollment'),
default=False,
autofill=True,
),
parameters.Bytes(
'usercertificate',
required=False,
cli_name='certificate',
label=_(u'Certificate'),
doc=_(u'Base-64 encoded server certificate'),
),
parameters.Str(
'macaddress',
required=False,
multivalue=True,
label=_(u'MAC address'),
doc=_(u'Hardware MAC address(es) on this host'),
no_convert=True,
),
parameters.Str(
'ipasshpubkey',
required=False,
multivalue=True,
cli_name='sshpubkey',
label=_(u'SSH public key'),
no_convert=True,
),
parameters.Str(
'userclass',
required=False,
multivalue=True,
cli_name='class',
label=_(u'Class'),
doc=_(u'Host category (semantics placed on this attribute are for local interpretation)'),
),
parameters.Str(
'ipaassignedidview',
required=False,
label=_(u'Assigned ID View'),
exclude=('cli', 'webui'),
),
parameters.Bool(
'ipakrbrequirespreauth',
required=False,
cli_name='requires_pre_auth',
label=_(u'Requires pre-authentication'),
doc=_(u'Pre-authentication is required for the service'),
),
parameters.Bool(
'ipakrbokasdelegate',
required=False,
cli_name='ok_as_delegate',
label=_(u'Trusted for delegation'),
doc=_(u'Client credentials may be delegated to the service'),
),
parameters.Str(
'setattr',
required=False,
multivalue=True,
doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
exclude=('webui',),
),
parameters.Str(
'addattr',
required=False,
multivalue=True,
doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
exclude=('webui',),
),
parameters.Flag(
'force',
label=_(u'Force'),
doc=_(u'force host name even if not in DNS'),
default=False,
autofill=True,
),
parameters.Flag(
'no_reverse',
doc=_(u'skip reverse DNS detection'),
default=False,
autofill=True,
),
parameters.Str(
'ip_address',
required=False,
label=_(u'IP Address'),
doc=_(u'Add the host to DNS with this IP address'),
),
parameters.Flag(
'all',
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=_(u'Print entries as stored on the server. Only affects output format.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'no_members',
doc=_(u'Suppress processing of membership attributes.'),
exclude=('webui', 'cli'),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry(
'result',
),
output.PrimaryKey(
'value',
doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class trust_find(Method):
__doc__ = _("Search for trusts.")
takes_args = (parameters.Str(
'criteria',
required=False,
doc=_(u'A string searched in all relevant object attributes'),
), )
takes_options = (
parameters.Str(
'cn',
required=False,
cli_name='realm',
label=_(u'Realm name'),
),
parameters.Str(
'ipantflatname',
required=False,
cli_name='flat_name',
label=_(u'Domain NetBIOS name'),
),
parameters.Str(
'ipanttrusteddomainsid',
required=False,
cli_name='sid',
label=_(u'Domain Security Identifier'),
),
parameters.Str(
'ipantsidblacklistincoming',
required=False,
multivalue=True,
cli_name='sid_blacklist_incoming',
label=_(u'SID blacklist incoming'),
),
parameters.Str(
'ipantsidblacklistoutgoing',
required=False,
multivalue=True,
cli_name='sid_blacklist_outgoing',
label=_(u'SID blacklist outgoing'),
),
parameters.Int(
'timelimit',
required=False,
label=_(u'Time Limit'),
doc=_(u'Time limit of search in seconds'),
),
parameters.Int(
'sizelimit',
required=False,
label=_(u'Size Limit'),
doc=_(u'Maximum number of entries returned'),
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'pkey_only',
required=False,
label=_(u'Primary key only'),
doc=_(
u'Results should contain primary key attribute only ("realm")'
),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.ListOfEntries('result', ),
output.Output(
'count',
int,
doc=_(u'Number of entries returned'),
),
output.Output(
'truncated',
bool,
doc=_(u'True if not all results were returned'),
),
)
class trustconfig_mod(Method):
__doc__ = _("Modify global trust configuration.")
takes_options = (
parameters.Str(
'ipantfallbackprimarygroup',
required=False,
cli_name='fallback_primary_group',
label=_(u'Fallback primary group'),
),
parameters.Str(
'setattr',
required=False,
multivalue=True,
doc=
_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'
),
exclude=('webui', ),
),
parameters.Str(
'addattr',
required=False,
multivalue=True,
doc=
_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'
),
exclude=('webui', ),
),
parameters.Str(
'delattr',
required=False,
multivalue=True,
doc=
_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'
),
exclude=('webui', ),
),
parameters.Flag(
'rights',
label=_(u'Rights'),
doc=
_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'
),
default=False,
autofill=True,
),
parameters.Str(
'trust_type',
cli_name='type',
cli_metavar="['ad']",
label=_(u'Trust type (ad for Active Directory, default)'),
default=u'ad',
autofill=True,
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry('result', ),
output.Output(
'value',
unicode,
doc=_(
u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class idrange_find(Method):
__doc__ = _("Search for ranges.")
takes_args = (
parameters.Str(
'criteria',
required=False,
doc=_(u'A string searched in all relevant object attributes'),
),
)
takes_options = (
parameters.Str(
'cn',
required=False,
cli_name='name',
label=_(u'Range name'),
),
parameters.Int(
'ipabaseid',
required=False,
cli_name='base_id',
label=_(u'First Posix ID of the range'),
),
parameters.Int(
'ipaidrangesize',
required=False,
cli_name='range_size',
label=_(u'Number of IDs in the range'),
),
parameters.Int(
'ipabaserid',
required=False,
cli_name='rid_base',
label=_(u'First RID of the corresponding RID range'),
),
parameters.Int(
'ipasecondarybaserid',
required=False,
cli_name='secondary_rid_base',
label=_(u'First RID of the secondary RID range'),
),
parameters.Str(
'ipanttrusteddomainsid',
required=False,
cli_name='dom_sid',
label=_(u'Domain SID of the trusted domain'),
),
parameters.Str(
'iparangetype',
required=False,
cli_name='type',
cli_metavar="['ipa-ad-trust-posix', 'ipa-ad-trust', 'ipa-local']",
label=_(u'Range type'),
doc=_(u'ID range type, one of ipa-ad-trust-posix, ipa-ad-trust, ipa-local'),
),
parameters.Int(
'timelimit',
required=False,
label=_(u'Time Limit'),
doc=_(u'Time limit of search in seconds'),
),
parameters.Int(
'sizelimit',
required=False,
label=_(u'Size Limit'),
doc=_(u'Maximum number of entries returned'),
),
parameters.Flag(
'all',
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=_(u'Print entries as stored on the server. Only affects output format.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'pkey_only',
required=False,
label=_(u'Primary key only'),
doc=_(u'Results should contain primary key attribute only ("name")'),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.ListOfEntries(
'result',
),
output.Output(
'count',
int,
doc=_(u'Number of entries returned'),
),
output.Output(
'truncated',
bool,
doc=_(u'True if not all results were returned'),
),
)
class idrange_mod(Method):
__doc__ = _("Modify ID range.")
takes_args = (
parameters.Str(
'cn',
cli_name='name',
label=_(u'Range name'),
),
)
takes_options = (
parameters.Int(
'ipabaseid',
required=False,
cli_name='base_id',
label=_(u'First Posix ID of the range'),
),
parameters.Int(
'ipaidrangesize',
required=False,
cli_name='range_size',
label=_(u'Number of IDs in the range'),
),
parameters.Int(
'ipabaserid',
required=False,
cli_name='rid_base',
label=_(u'First RID of the corresponding RID range'),
),
parameters.Int(
'ipasecondarybaserid',
required=False,
cli_name='secondary_rid_base',
label=_(u'First RID of the secondary RID range'),
),
parameters.Str(
'setattr',
required=False,
multivalue=True,
doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
exclude=('webui',),
),
parameters.Str(
'addattr',
required=False,
multivalue=True,
doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
exclude=('webui',),
),
parameters.Str(
'delattr',
required=False,
multivalue=True,
doc=_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'),
exclude=('webui',),
),
parameters.Flag(
'rights',
label=_(u'Rights'),
doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
default=False,
autofill=True,
),
parameters.Str(
'ipanttrusteddomainsid',
required=False,
deprecated=True,
exclude=('cli', 'webui'),
),
parameters.Str(
'ipanttrusteddomainname',
required=False,
deprecated=True,
exclude=('cli', 'webui'),
),
parameters.Flag(
'all',
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=_(u'Print entries as stored on the server. Only affects output format.'),
exclude=('webui',),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry(
'result',
),
output.PrimaryKey(
'value',
doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class server_find(Method):
__doc__ = _("Search for IPA servers.")
takes_args = (
parameters.Str(
'criteria',
required=False,
doc=_(u'A string searched in all relevant object attributes'),
),
)
takes_options = (
parameters.Str(
'cn',
required=False,
cli_name='name',
label=_(u'Server name'),
doc=_(u'IPA server hostname'),
),
parameters.Int(
'ipamindomainlevel',
required=False,
cli_name='minlevel',
label=_(u'Min domain level'),
doc=_(u'Minimum domain level'),
),
parameters.Int(
'ipamaxdomainlevel',
required=False,
cli_name='maxlevel',
label=_(u'Max domain level'),
doc=_(u'Maximum domain level'),
),
parameters.Int(
'timelimit',
required=False,
label=_(u'Time Limit'),
doc=_(u'Time limit of search in seconds (0 is unlimited)'),
),
parameters.Int(
'sizelimit',
required=False,
label=_(u'Size Limit'),
doc=_(u'Maximum number of entries returned (0 is unlimited)'),
),
parameters.Flag(
'all',
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=_(u'Print entries as stored on the server. Only affects output format.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'no_members',
doc=_(u'Suppress processing of membership attributes.'),
exclude=('webui', 'cli'),
default=False,
autofill=True,
),
parameters.Flag(
'pkey_only',
required=False,
label=_(u'Primary key only'),
doc=_(u'Results should contain primary key attribute only ("name")'),
default=False,
autofill=True,
),
parameters.Str(
'topologysuffix',
required=False,
multivalue=True,
cli_name='topologysuffixes',
label=_(u'suffix'),
doc=_(u'Search for servers with these managed suffixes.'),
),
parameters.Str(
'no_topologysuffix',
required=False,
multivalue=True,
cli_name='no_topologysuffixes',
label=_(u'suffix'),
doc=_(u'Search for servers without these managed suffixes.'),
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.ListOfEntries(
'result',
),
output.Output(
'count',
int,
doc=_(u'Number of entries returned'),
),
output.Output(
'truncated',
bool,
doc=_(u'True if not all results were returned'),
),
)
class idrange_add(Method):
__doc__ = _("""
Add new ID range.
To add a new ID range you always have to specify
--base-id
--range-size
Additionally
--rid-base
--secondary-rid-base
may be given for a new ID range for the local domain while
--rid-base
--dom-sid
must be given to add a new range for a trusted AD domain.
WARNING:
DNA plugin in 389-ds will allocate IDs based on the ranges configured for the
local domain. Currently the DNA plugin *cannot* be reconfigured itself based
on the local ranges set via this family of commands.
Manual configuration change has to be done in the DNA plugin configuration for
the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix
IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to be
modified to match the new range.
""")
takes_args = (
parameters.Str(
'cn',
cli_name='name',
label=_(u'Range name'),
),
)
takes_options = (
parameters.Int(
'ipabaseid',
cli_name='base_id',
label=_(u'First Posix ID of the range'),
),
parameters.Int(
'ipaidrangesize',
cli_name='range_size',
label=_(u'Number of IDs in the range'),
),
parameters.Int(
'ipabaserid',
required=False,
cli_name='rid_base',
label=_(u'First RID of the corresponding RID range'),
),
parameters.Int(
'ipasecondarybaserid',
required=False,
cli_name='secondary_rid_base',
label=_(u'First RID of the secondary RID range'),
),
parameters.Str(
'ipanttrusteddomainsid',
required=False,
cli_name='dom_sid',
label=_(u'Domain SID of the trusted domain'),
),
parameters.Str(
'ipanttrusteddomainname',
required=False,
cli_name='dom_name',
label=_(u'Name of the trusted domain'),
),
parameters.Str(
'iparangetype',
required=False,
cli_name='type',
cli_metavar="['ipa-ad-trust-posix', 'ipa-ad-trust', 'ipa-local']",
label=_(u'Range type'),
doc=_(u'ID range type, one of ipa-ad-trust-posix, ipa-ad-trust, ipa-local'),
),
parameters.Str(
'setattr',
required=False,
multivalue=True,
doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
exclude=('webui',),
),
parameters.Str(
'addattr',
required=False,
multivalue=True,
doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
exclude=('webui',),
),
parameters.Flag(
'all',
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=_(u'Print entries as stored on the server. Only affects output format.'),
exclude=('webui',),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry(
'result',
),
output.PrimaryKey(
'value',
doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class trustdomain_add(Method):
__doc__ = _("Allow access from the trusted domain")
NO_CLI = True
takes_args = (
parameters.Str(
'trustcn',
cli_name='trust',
label=_(u'Realm name'),
),
parameters.Str(
'cn',
cli_name='domain',
label=_(u'Domain name'),
),
)
takes_options = (
parameters.Str(
'ipantflatname',
required=False,
cli_name='flat_name',
label=_(u'Domain NetBIOS name'),
),
parameters.Str(
'ipanttrusteddomainsid',
required=False,
cli_name='sid',
label=_(u'Domain Security Identifier'),
),
parameters.Str(
'ipanttrustpartner',
required=False,
label=_(u'Trusted domain partner'),
exclude=('cli', 'webui'),
),
parameters.Str(
'setattr',
required=False,
multivalue=True,
doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
exclude=('webui',),
),
parameters.Str(
'addattr',
required=False,
multivalue=True,
doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
exclude=('webui',),
),
parameters.Str(
'trust_type',
cli_name='type',
cli_metavar="['ad']",
label=_(u'Trust type (ad for Active Directory, default)'),
default=u'ad',
autofill=True,
),
parameters.Flag(
'all',
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=_(u'Print entries as stored on the server. Only affects output format.'),
exclude=('webui',),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry(
'result',
),
output.PrimaryKey(
'value',
doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class hostgroup_add_member(Method):
__doc__ = _("Add members to a hostgroup.")
takes_args = (
parameters.Str(
'cn',
cli_name='hostgroup_name',
label=_(u'Host-group'),
doc=_(u'Name of host-group'),
no_convert=True,
),
)
takes_options = (
parameters.Flag(
'all',
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=_(u'Print entries as stored on the server. Only affects output format.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'no_members',
doc=_(u'Suppress processing of membership attributes.'),
exclude=('webui', 'cli'),
default=False,
autofill=True,
),
parameters.Str(
'host',
required=False,
multivalue=True,
cli_name='hosts',
label=_(u'member host'),
doc=_(u'hosts to add'),
alwaysask=True,
),
parameters.Str(
'hostgroup',
required=False,
multivalue=True,
cli_name='hostgroups',
label=_(u'member host group'),
doc=_(u'host groups to add'),
alwaysask=True,
),
)
has_output = (
output.Entry(
'result',
),
output.Output(
'failed',
dict,
doc=_(u'Members that could not be added'),
),
output.Output(
'completed',
int,
doc=_(u'Number of members added'),
),
)
class hostgroup_add(Method):
__doc__ = _("Add a new hostgroup.")
takes_args = (
parameters.Str(
'cn',
cli_name='hostgroup_name',
label=_(u'Host-group'),
doc=_(u'Name of host-group'),
no_convert=True,
),
)
takes_options = (
parameters.Str(
'description',
required=False,
cli_name='desc',
label=_(u'Description'),
doc=_(u'A description of this host-group'),
),
parameters.Str(
'setattr',
required=False,
multivalue=True,
doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
exclude=('webui',),
),
parameters.Str(
'addattr',
required=False,
multivalue=True,
doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
exclude=('webui',),
),
parameters.Flag(
'all',
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=_(u'Print entries as stored on the server. Only affects output format.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'no_members',
doc=_(u'Suppress processing of membership attributes.'),
exclude=('webui', 'cli'),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry(
'result',
),
output.PrimaryKey(
'value',
doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class pwpolicy_mod(Method):
__doc__ = _("Modify a group password policy.")
takes_args = (parameters.Str(
'cn',
required=False,
cli_name='group',
label=_(u'Group'),
doc=_(u'Manage password policy for specific group'),
), )
takes_options = (
parameters.Int(
'krbmaxpwdlife',
required=False,
cli_name='maxlife',
label=_(u'Max lifetime (days)'),
doc=_(u'Maximum password lifetime (in days)'),
),
parameters.Int(
'krbminpwdlife',
required=False,
cli_name='minlife',
label=_(u'Min lifetime (hours)'),
doc=_(u'Minimum password lifetime (in hours)'),
),
parameters.Int(
'krbpwdhistorylength',
required=False,
cli_name='history',
label=_(u'History size'),
doc=_(u'Password history size'),
),
parameters.Int(
'krbpwdmindiffchars',
required=False,
cli_name='minclasses',
label=_(u'Character classes'),
doc=_(u'Minimum number of character classes'),
),
parameters.Int(
'krbpwdminlength',
required=False,
cli_name='minlength',
label=_(u'Min length'),
doc=_(u'Minimum length of password'),
),
parameters.Int(
'cospriority',
required=False,
cli_name='priority',
label=_(u'Priority'),
doc=_(
u'Priority of the policy (higher number means lower priority'),
),
parameters.Int(
'krbpwdmaxfailure',
required=False,
cli_name='maxfail',
label=_(u'Max failures'),
doc=_(u'Consecutive failures before lockout'),
),
parameters.Int(
'krbpwdfailurecountinterval',
required=False,
cli_name='failinterval',
label=_(u'Failure reset interval'),
doc=_(u'Period after which failure count will be reset (seconds)'),
),
parameters.Int(
'krbpwdlockoutduration',
required=False,
cli_name='lockouttime',
label=_(u'Lockout duration'),
doc=_(u'Period for which lockout is enforced (seconds)'),
),
parameters.Str(
'setattr',
required=False,
multivalue=True,
doc=
_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'
),
exclude=('webui', ),
),
parameters.Str(
'addattr',
required=False,
multivalue=True,
doc=
_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'
),
exclude=('webui', ),
),
parameters.Str(
'delattr',
required=False,
multivalue=True,
doc=
_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'
),
exclude=('webui', ),
),
parameters.Flag(
'rights',
label=_(u'Rights'),
doc=
_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'
),
default=False,
autofill=True,
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry('result', ),
output.PrimaryKey(
'value',
doc=_(
u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class service_show(Method):
__doc__ = _("Display information about an IPA service.")
takes_args = (
parameters.Str(
'krbprincipalname',
cli_name='principal',
label=_(u'Principal'),
doc=_(u'Service principal'),
no_convert=True,
),
)
takes_options = (
parameters.Flag(
'rights',
label=_(u'Rights'),
doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
default=False,
autofill=True,
),
parameters.Str(
'out',
required=False,
doc=_(u'file to store certificate in'),
),
parameters.Flag(
'all',
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=_(u'Print entries as stored on the server. Only affects output format.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'no_members',
doc=_(u'Suppress processing of membership attributes.'),
exclude=('webui', 'cli'),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry(
'result',
),
output.PrimaryKey(
'value',
doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class trust_add(Method):
__doc__ = _("""
Add new trust to use.
This command establishes trust relationship to another domain
which becomes 'trusted'. As result, users of the trusted domain
may access resources of this domain.
Only trusts to Active Directory domains are supported right now.
The command can be safely run multiple times against the same domain,
this will cause change to trust relationship credentials on both
sides.
""")
takes_args = (parameters.Str(
'cn',
cli_name='realm',
label=_(u'Realm name'),
), )
takes_options = (
parameters.Str(
'setattr',
required=False,
multivalue=True,
doc=
_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'
),
exclude=('webui', ),
),
parameters.Str(
'addattr',
required=False,
multivalue=True,
doc=
_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'
),
exclude=('webui', ),
),
parameters.Str(
'trust_type',
cli_name='type',
cli_metavar="['ad']",
label=_(u'Trust type (ad for Active Directory, default)'),
default=u'ad',
autofill=True,
),
parameters.Str(
'realm_admin',
required=False,
cli_name='admin',
label=_(u'Active Directory domain administrator'),
),
parameters.Password(
'realm_passwd',
required=False,
cli_name='password',
label=_(u"Active directory domain administrator's password"),
),
parameters.Str(
'realm_server',
required=False,
cli_name='server',
label=_(
u'Domain controller for the Active Directory domain (optional)'
),
),
parameters.Password(
'trust_secret',
required=False,
label=_(u'Shared secret for the trust'),
),
parameters.Int(
'base_id',
required=False,
label=_(
u'First Posix ID of the range reserved for the trusted domain'
),
),
parameters.Int(
'range_size',
required=False,
label=_(u'Size of the ID range reserved for the trusted domain'),
default=200000,
autofill=True,
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry('result', ),
output.Output(
'value',
unicode,
doc=_(
u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class service_find(Method):
__doc__ = _("Search for IPA services.")
takes_args = (
parameters.Str(
'criteria',
required=False,
doc=_(u'A string searched in all relevant object attributes'),
),
)
takes_options = (
parameters.Str(
'krbprincipalname',
required=False,
cli_name='principal',
label=_(u'Principal'),
doc=_(u'Service principal'),
no_convert=True,
),
parameters.Str(
'ipakrbauthzdata',
required=False,
multivalue=True,
cli_name='pac_type',
cli_metavar="['MS-PAC', 'PAD', 'NONE']",
label=_(u'PAC type'),
doc=_(u"Override default list of supported PAC types. Use 'NONE' to disable PAC support for this service, e.g. this might be necessary for NFS services."),
),
parameters.Int(
'timelimit',
required=False,
label=_(u'Time Limit'),
doc=_(u'Time limit of search in seconds (0 is unlimited)'),
),
parameters.Int(
'sizelimit',
required=False,
label=_(u'Size Limit'),
doc=_(u'Maximum number of entries returned (0 is unlimited)'),
),
parameters.Flag(
'all',
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=_(u'Print entries as stored on the server. Only affects output format.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'no_members',
doc=_(u'Suppress processing of membership attributes.'),
exclude=('webui', 'cli'),
default=False,
autofill=True,
),
parameters.Flag(
'pkey_only',
required=False,
label=_(u'Primary key only'),
doc=_(u'Results should contain primary key attribute only ("principal")'),
default=False,
autofill=True,
),
parameters.Str(
'man_by_host',
required=False,
multivalue=True,
cli_name='man_by_hosts',
label=_(u'host'),
doc=_(u'Search for services with these managed by hosts.'),
),
parameters.Str(
'not_man_by_host',
required=False,
multivalue=True,
cli_name='not_man_by_hosts',
label=_(u'host'),
doc=_(u'Search for services without these managed by hosts.'),
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.ListOfEntries(
'result',
),
output.Output(
'count',
int,
doc=_(u'Number of entries returned'),
),
output.Output(
'truncated',
bool,
doc=_(u'True if not all results were returned'),
),
)
class trust_mod(Method):
__doc__ = _("""
Modify a trust (for future use).
Currently only the default option to modify the LDAP attributes is
available. More specific options will be added in coming releases.
""")
takes_args = (parameters.Str(
'cn',
cli_name='realm',
label=_(u'Realm name'),
), )
takes_options = (
parameters.Str(
'ipantsidblacklistincoming',
required=False,
multivalue=True,
cli_name='sid_blacklist_incoming',
label=_(u'SID blacklist incoming'),
),
parameters.Str(
'ipantsidblacklistoutgoing',
required=False,
multivalue=True,
cli_name='sid_blacklist_outgoing',
label=_(u'SID blacklist outgoing'),
),
parameters.Str(
'setattr',
required=False,
multivalue=True,
doc=
_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'
),
exclude=('webui', ),
),
parameters.Str(
'addattr',
required=False,
multivalue=True,
doc=
_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'
),
exclude=('webui', ),
),
parameters.Str(
'delattr',
required=False,
multivalue=True,
doc=
_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'
),
exclude=('webui', ),
),
parameters.Flag(
'rights',
label=_(u'Rights'),
doc=
_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'
),
default=False,
autofill=True,
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry('result', ),
output.Output(
'value',
unicode,
doc=_(
u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class service(Object):
takes_params = (
parameters.Str(
'krbprincipalname',
primary_key=True,
label=_(u'Principal'),
doc=_(u'Service principal'),
),
parameters.Bytes(
'usercertificate',
required=False,
multivalue=True,
label=_(u'Certificate'),
doc=_(u'Base-64 encoded server certificate'),
),
parameters.Str(
'ipakrbauthzdata',
required=False,
multivalue=True,
label=_(u'PAC type'),
doc=_(u"Override default list of supported PAC types. Use 'NONE' to disable PAC support for this service, e.g. this might be necessary for NFS services."),
),
parameters.Bool(
'ipakrbrequirespreauth',
required=False,
label=_(u'Requires pre-authentication'),
doc=_(u'Pre-authentication is required for the service'),
),
parameters.Bool(
'ipakrbokasdelegate',
required=False,
label=_(u'Trusted for delegation'),
doc=_(u'Client credentials may be delegated to the service'),
),
parameters.Str(
'memberof_role',
required=False,
label=_(u'Roles'),
),
parameters.Flag(
'has_keytab',
label=_(u'Keytab'),
),
parameters.Str(
'managedby_host',
label=_(u'Managed by'),
),
parameters.Str(
'ipaallowedtoperform_read_keys_user',
label=_(u'Users allowed to retrieve keytab'),
),
parameters.Str(
'ipaallowedtoperform_read_keys_group',
label=_(u'Groups allowed to retrieve keytab'),
),
parameters.Str(
'ipaallowedtoperform_read_keys_host',
label=_(u'Hosts allowed to retrieve keytab'),
),
parameters.Str(
'ipaallowedtoperform_read_keys_hostgroup',
label=_(u'Host Groups allowed to retrieve keytab'),
),
parameters.Str(
'ipaallowedtoperform_write_keys_user',
label=_(u'Users allowed to create keytab'),
),
parameters.Str(
'ipaallowedtoperform_write_keys_group',
label=_(u'Groups allowed to create keytab'),
),
parameters.Str(
'ipaallowedtoperform_write_keys_host',
label=_(u'Hosts allowed to create keytab'),
),
parameters.Str(
'ipaallowedtoperform_write_keys_hostgroup',
label=_(u'Host Groups allowed to create keytab'),
),
)
class group_find(Method):
__doc__ = _("Search for groups.")
takes_args = (parameters.Str(
'criteria',
required=False,
doc=_(u'A string searched in all relevant object attributes'),
), )
takes_options = (
parameters.Str(
'cn',
required=False,
cli_name='group_name',
label=_(u'Group name'),
no_convert=True,
),
parameters.Str(
'description',
required=False,
cli_name='desc',
label=_(u'Description'),
doc=_(u'Group description'),
),
parameters.Int(
'gidnumber',
required=False,
cli_name='gid',
label=_(u'GID'),
doc=_(u'GID (use this option to set it manually)'),
),
parameters.Int(
'timelimit',
required=False,
label=_(u'Time Limit'),
doc=_(u'Time limit of search in seconds'),
),
parameters.Int(
'sizelimit',
required=False,
label=_(u'Size Limit'),
doc=_(u'Maximum number of entries returned'),
),
parameters.Flag(
'private',
doc=_(u'search for private groups'),
default=False,
autofill=True,
),
parameters.Flag(
'posix',
doc=_(u'search for POSIX groups'),
default=False,
autofill=True,
),
parameters.Flag(
'external',
doc=
_(u'search for groups with support of external non-IPA members from trusted domains'
),
default=False,
autofill=True,
),
parameters.Flag(
'nonposix',
doc=_(u'search for non-POSIX groups'),
default=False,
autofill=True,
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'no_members',
doc=_(u'Suppress processing of membership attributes.'),
exclude=('webui', 'cli'),
default=False,
autofill=True,
),
parameters.Flag(
'pkey_only',
required=False,
label=_(u'Primary key only'),
doc=
_(u'Results should contain primary key attribute only ("group-name")'
),
default=False,
autofill=True,
),
parameters.Str(
'user',
required=False,
multivalue=True,
cli_name='users',
label=_(u'user'),
doc=_(u'Search for groups with these member users.'),
),
parameters.Str(
'no_user',
required=False,
multivalue=True,
cli_name='no_users',
label=_(u'user'),
doc=_(u'Search for groups without these member users.'),
),
parameters.Str(
'group',
required=False,
multivalue=True,
cli_name='groups',
label=_(u'group'),
doc=_(u'Search for groups with these member groups.'),
),
parameters.Str(
'no_group',
required=False,
multivalue=True,
cli_name='no_groups',
label=_(u'group'),
doc=_(u'Search for groups without these member groups.'),
),
parameters.Str(
'in_group',
required=False,
multivalue=True,
cli_name='in_groups',
label=_(u'group'),
doc=_(u'Search for groups with these member of groups.'),
),
parameters.Str(
'not_in_group',
required=False,
multivalue=True,
cli_name='not_in_groups',
label=_(u'group'),
doc=_(u'Search for groups without these member of groups.'),
),
parameters.Str(
'in_netgroup',
required=False,
multivalue=True,
cli_name='in_netgroups',
label=_(u'netgroup'),
doc=_(u'Search for groups with these member of netgroups.'),
),
parameters.Str(
'not_in_netgroup',
required=False,
multivalue=True,
cli_name='not_in_netgroups',
label=_(u'netgroup'),
doc=_(u'Search for groups without these member of netgroups.'),
),
parameters.Str(
'in_role',
required=False,
multivalue=True,
cli_name='in_roles',
label=_(u'role'),
doc=_(u'Search for groups with these member of roles.'),
),
parameters.Str(
'not_in_role',
required=False,
multivalue=True,
cli_name='not_in_roles',
label=_(u'role'),
doc=_(u'Search for groups without these member of roles.'),
),
parameters.Str(
'in_hbacrule',
required=False,
multivalue=True,
cli_name='in_hbacrules',
label=_(u'HBAC rule'),
doc=_(u'Search for groups with these member of HBAC rules.'),
),
parameters.Str(
'not_in_hbacrule',
required=False,
multivalue=True,
cli_name='not_in_hbacrules',
label=_(u'HBAC rule'),
doc=_(u'Search for groups without these member of HBAC rules.'),
),
parameters.Str(
'in_sudorule',
required=False,
multivalue=True,
cli_name='in_sudorules',
label=_(u'sudo rule'),
doc=_(u'Search for groups with these member of sudo rules.'),
),
parameters.Str(
'not_in_sudorule',
required=False,
multivalue=True,
cli_name='not_in_sudorules',
label=_(u'sudo rule'),
doc=_(u'Search for groups without these member of sudo rules.'),
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.ListOfEntries('result', ),
output.Output(
'count',
int,
doc=_(u'Number of entries returned'),
),
output.Output(
'truncated',
bool,
doc=_(u'True if not all results were returned'),
),
)
class service_mod(Method):
__doc__ = _("Modify an existing IPA service.")
takes_args = (
parameters.Str(
'krbprincipalname',
cli_name='principal',
label=_(u'Principal'),
doc=_(u'Service principal'),
no_convert=True,
),
)
takes_options = (
parameters.Bytes(
'usercertificate',
required=False,
multivalue=True,
cli_name='certificate',
label=_(u'Certificate'),
doc=_(u'Base-64 encoded server certificate'),
),
parameters.Str(
'ipakrbauthzdata',
required=False,
multivalue=True,
cli_name='pac_type',
cli_metavar="['MS-PAC', 'PAD', 'NONE']",
label=_(u'PAC type'),
doc=_(u"Override default list of supported PAC types. Use 'NONE' to disable PAC support for this service, e.g. this might be necessary for NFS services."),
),
parameters.Bool(
'ipakrbrequirespreauth',
required=False,
cli_name='requires_pre_auth',
label=_(u'Requires pre-authentication'),
doc=_(u'Pre-authentication is required for the service'),
),
parameters.Bool(
'ipakrbokasdelegate',
required=False,
cli_name='ok_as_delegate',
label=_(u'Trusted for delegation'),
doc=_(u'Client credentials may be delegated to the service'),
),
parameters.Str(
'setattr',
required=False,
multivalue=True,
doc=_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'),
exclude=('webui',),
),
parameters.Str(
'addattr',
required=False,
multivalue=True,
doc=_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'),
exclude=('webui',),
),
parameters.Str(
'delattr',
required=False,
multivalue=True,
doc=_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'),
exclude=('webui',),
),
parameters.Flag(
'rights',
label=_(u'Rights'),
doc=_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'),
default=False,
autofill=True,
),
parameters.Flag(
'all',
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=_(u'Print entries as stored on the server. Only affects output format.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'no_members',
doc=_(u'Suppress processing of membership attributes.'),
exclude=('webui', 'cli'),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry(
'result',
),
output.PrimaryKey(
'value',
doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class group_remove_member(Method):
__doc__ = _("Remove members from a group.")
takes_args = (parameters.Str(
'cn',
cli_name='group_name',
label=_(u'Group name'),
no_convert=True,
), )
takes_options = (
parameters.Str(
'ipaexternalmember',
required=False,
multivalue=True,
cli_name='external',
label=_(u'External member'),
doc=_(
u'Members of a trusted domain in DOM\\name or name@domain form'
),
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'no_members',
doc=_(u'Suppress processing of membership attributes.'),
exclude=('webui', 'cli'),
default=False,
autofill=True,
),
parameters.Str(
'user',
required=False,
multivalue=True,
cli_name='users',
label=_(u'member user'),
doc=_(u'users to remove'),
alwaysask=True,
),
parameters.Str(
'group',
required=False,
multivalue=True,
cli_name='groups',
label=_(u'member group'),
doc=_(u'groups to remove'),
alwaysask=True,
),
)
has_output = (
output.Entry('result', ),
output.Output(
'failed',
dict,
doc=_(u'Members that could not be removed'),
),
output.Output(
'completed',
int,
doc=_(u'Number of members removed'),
),
)
class cosentry_find(Method):
NO_CLI = True
takes_args = (parameters.Str(
'criteria',
required=False,
doc=_(u'A string searched in all relevant object attributes'),
), )
takes_options = (
parameters.Str(
'cn',
required=False,
),
parameters.DNParam(
'krbpwdpolicyreference',
required=False,
),
parameters.Int(
'cospriority',
required=False,
),
parameters.Int(
'timelimit',
required=False,
label=_(u'Time Limit'),
doc=_(u'Time limit of search in seconds'),
),
parameters.Int(
'sizelimit',
required=False,
label=_(u'Size Limit'),
doc=_(u'Maximum number of entries returned'),
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'pkey_only',
required=False,
label=_(u'Primary key only'),
doc=_(u'Results should contain primary key attribute only ("cn")'),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.ListOfEntries('result', ),
output.Output(
'count',
int,
doc=_(u'Number of entries returned'),
),
output.Output(
'truncated',
bool,
doc=_(u'True if not all results were returned'),
),
)
class host(Object):
takes_params = (
parameters.Str(
'fqdn',
primary_key=True,
label=_(u'Host name'),
),
parameters.Str(
'description',
required=False,
label=_(u'Description'),
doc=_(u'A description of this host'),
),
parameters.Str(
'l',
required=False,
label=_(u'Locality'),
doc=_(u'Host locality (e.g. "Baltimore, MD")'),
),
parameters.Str(
'nshostlocation',
required=False,
label=_(u'Location'),
doc=_(u'Host location (e.g. "Lab 2")'),
),
parameters.Str(
'nshardwareplatform',
required=False,
label=_(u'Platform'),
doc=_(u'Host hardware platform (e.g. "Lenovo T61")'),
),
parameters.Str(
'nsosversion',
required=False,
label=_(u'Operating system'),
doc=_(u'Host operating system and version (e.g. "Fedora 9")'),
),
parameters.Str(
'userpassword',
required=False,
label=_(u'User password'),
doc=_(u'Password used in bulk enrollment'),
),
parameters.Flag(
'random',
required=False,
doc=_(u'Generate a random password to be used in bulk enrollment'),
),
parameters.Str(
'randompassword',
required=False,
label=_(u'Random password'),
),
parameters.Bytes(
'usercertificate',
required=False,
label=_(u'Certificate'),
doc=_(u'Base-64 encoded server certificate'),
),
parameters.Str(
'krbprincipalname',
required=False,
label=_(u'Principal name'),
),
parameters.Str(
'macaddress',
required=False,
multivalue=True,
label=_(u'MAC address'),
doc=_(u'Hardware MAC address(es) on this host'),
),
parameters.Str(
'ipasshpubkey',
required=False,
multivalue=True,
label=_(u'SSH public key'),
),
parameters.Str(
'userclass',
required=False,
multivalue=True,
label=_(u'Class'),
doc=_(u'Host category (semantics placed on this attribute are for local interpretation)'),
),
parameters.Str(
'ipaassignedidview',
required=False,
label=_(u'Assigned ID View'),
),
parameters.Bool(
'ipakrbrequirespreauth',
required=False,
label=_(u'Requires pre-authentication'),
doc=_(u'Pre-authentication is required for the service'),
),
parameters.Bool(
'ipakrbokasdelegate',
required=False,
label=_(u'Trusted for delegation'),
doc=_(u'Client credentials may be delegated to the service'),
),
parameters.Flag(
'has_password',
label=_(u'Password'),
),
parameters.Str(
'memberof_hostgroup',
required=False,
label=_(u'Member of host-groups'),
),
parameters.Str(
'memberof_role',
required=False,
label=_(u'Roles'),
),
parameters.Str(
'memberof_netgroup',
required=False,
label=_(u'Member of netgroups'),
),
parameters.Str(
'memberof_sudorule',
required=False,
label=_(u'Member of Sudo rule'),
),
parameters.Str(
'memberof_hbacrule',
required=False,
label=_(u'Member of HBAC rule'),
),
parameters.Str(
'memberofindirect_netgroup',
required=False,
label=_(u'Indirect Member of netgroup'),
),
parameters.Str(
'memberofindirect_hostgroup',
required=False,
label=_(u'Indirect Member of host-group'),
),
parameters.Str(
'memberofindirect_role',
required=False,
label=_(u'Indirect Member of role'),
),
parameters.Str(
'memberofindirect_sudorule',
required=False,
label=_(u'Indirect Member of Sudo rule'),
),
parameters.Str(
'memberofindirect_hbacrule',
required=False,
label=_(u'Indirect Member of HBAC rule'),
),
parameters.Flag(
'has_keytab',
label=_(u'Keytab'),
),
parameters.Str(
'managedby_host',
label=_(u'Managed by'),
),
parameters.Str(
'managing_host',
label=_(u'Managing'),
),
parameters.Str(
'ipaallowedtoperform_read_keys_user',
label=_(u'Users allowed to retrieve keytab'),
),
parameters.Str(
'ipaallowedtoperform_read_keys_group',
label=_(u'Groups allowed to retrieve keytab'),
),
parameters.Str(
'ipaallowedtoperform_read_keys_host',
label=_(u'Hosts allowed to retrieve keytab'),
),
parameters.Str(
'ipaallowedtoperform_read_keys_hostgroup',
label=_(u'Host Groups allowed to retrieve keytab'),
),
parameters.Str(
'ipaallowedtoperform_write_keys_user',
label=_(u'Users allowed to create keytab'),
),
parameters.Str(
'ipaallowedtoperform_write_keys_group',
label=_(u'Groups allowed to create keytab'),
),
parameters.Str(
'ipaallowedtoperform_write_keys_host',
label=_(u'Hosts allowed to create keytab'),
),
parameters.Str(
'ipaallowedtoperform_write_keys_hostgroup',
label=_(u'Host Groups allowed to create keytab'),
),
)
class cosentry_mod(Method):
NO_CLI = True
takes_args = (parameters.Str('cn', ), )
takes_options = (
parameters.DNParam(
'krbpwdpolicyreference',
required=False,
),
parameters.Int(
'cospriority',
required=False,
),
parameters.Str(
'setattr',
required=False,
multivalue=True,
doc=
_(u'Set an attribute to a name/value pair. Format is attr=value.\nFor multi-valued attributes, the command replaces the values already present.'
),
exclude=('webui', ),
),
parameters.Str(
'addattr',
required=False,
multivalue=True,
doc=
_(u'Add an attribute/value pair. Format is attr=value. The attribute\nmust be part of the schema.'
),
exclude=('webui', ),
),
parameters.Str(
'delattr',
required=False,
multivalue=True,
doc=
_(u'Delete an attribute/value pair. The option will be evaluated\nlast, after all sets and adds.'
),
exclude=('webui', ),
),
parameters.Flag(
'rights',
label=_(u'Rights'),
doc=
_(u'Display the access rights of this entry (requires --all). See ipa man page for details.'
),
default=False,
autofill=True,
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.Entry('result', ),
output.PrimaryKey(
'value',
doc=_(
u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
),
)
class host_find(Method):
__doc__ = _("Search for hosts.")
takes_args = (
parameters.Str(
'criteria',
required=False,
doc=_(u'A string searched in all relevant object attributes'),
),
)
takes_options = (
parameters.Str(
'fqdn',
required=False,
cli_name='hostname',
label=_(u'Host name'),
no_convert=True,
),
parameters.Str(
'description',
required=False,
cli_name='desc',
label=_(u'Description'),
doc=_(u'A description of this host'),
),
parameters.Str(
'l',
required=False,
cli_name='locality',
label=_(u'Locality'),
doc=_(u'Host locality (e.g. "Baltimore, MD")'),
),
parameters.Str(
'nshostlocation',
required=False,
cli_name='location',
label=_(u'Location'),
doc=_(u'Host location (e.g. "Lab 2")'),
),
parameters.Str(
'nshardwareplatform',
required=False,
cli_name='platform',
label=_(u'Platform'),
doc=_(u'Host hardware platform (e.g. "Lenovo T61")'),
),
parameters.Str(
'nsosversion',
required=False,
cli_name='os',
label=_(u'Operating system'),
doc=_(u'Host operating system and version (e.g. "Fedora 9")'),
),
parameters.Str(
'userpassword',
required=False,
cli_name='password',
label=_(u'User password'),
doc=_(u'Password used in bulk enrollment'),
),
parameters.Bytes(
'usercertificate',
required=False,
cli_name='certificate',
label=_(u'Certificate'),
doc=_(u'Base-64 encoded server certificate'),
),
parameters.Str(
'macaddress',
required=False,
multivalue=True,
label=_(u'MAC address'),
doc=_(u'Hardware MAC address(es) on this host'),
no_convert=True,
),
parameters.Str(
'userclass',
required=False,
multivalue=True,
cli_name='class',
label=_(u'Class'),
doc=_(u'Host category (semantics placed on this attribute are for local interpretation)'),
),
parameters.Str(
'ipaassignedidview',
required=False,
label=_(u'Assigned ID View'),
exclude=('cli', 'webui'),
),
parameters.Int(
'timelimit',
required=False,
label=_(u'Time Limit'),
doc=_(u'Time limit of search in seconds'),
),
parameters.Int(
'sizelimit',
required=False,
label=_(u'Size Limit'),
doc=_(u'Maximum number of entries returned'),
),
parameters.Flag(
'all',
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=_(u'Print entries as stored on the server. Only affects output format.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'no_members',
doc=_(u'Suppress processing of membership attributes.'),
exclude=('webui', 'cli'),
default=False,
autofill=True,
),
parameters.Flag(
'pkey_only',
required=False,
label=_(u'Primary key only'),
doc=_(u'Results should contain primary key attribute only ("hostname")'),
default=False,
autofill=True,
),
parameters.Str(
'in_hostgroup',
required=False,
multivalue=True,
cli_name='in_hostgroups',
label=_(u'host group'),
doc=_(u'Search for hosts with these member of host groups.'),
),
parameters.Str(
'not_in_hostgroup',
required=False,
multivalue=True,
cli_name='not_in_hostgroups',
label=_(u'host group'),
doc=_(u'Search for hosts without these member of host groups.'),
),
parameters.Str(
'in_netgroup',
required=False,
multivalue=True,
cli_name='in_netgroups',
label=_(u'netgroup'),
doc=_(u'Search for hosts with these member of netgroups.'),
),
parameters.Str(
'not_in_netgroup',
required=False,
multivalue=True,
cli_name='not_in_netgroups',
label=_(u'netgroup'),
doc=_(u'Search for hosts without these member of netgroups.'),
),
parameters.Str(
'in_role',
required=False,
multivalue=True,
cli_name='in_roles',
label=_(u'role'),
doc=_(u'Search for hosts with these member of roles.'),
),
parameters.Str(
'not_in_role',
required=False,
multivalue=True,
cli_name='not_in_roles',
label=_(u'role'),
doc=_(u'Search for hosts without these member of roles.'),
),
parameters.Str(
'in_hbacrule',
required=False,
multivalue=True,
cli_name='in_hbacrules',
label=_(u'HBAC rule'),
doc=_(u'Search for hosts with these member of HBAC rules.'),
),
parameters.Str(
'not_in_hbacrule',
required=False,
multivalue=True,
cli_name='not_in_hbacrules',
label=_(u'HBAC rule'),
doc=_(u'Search for hosts without these member of HBAC rules.'),
),
parameters.Str(
'in_sudorule',
required=False,
multivalue=True,
cli_name='in_sudorules',
label=_(u'sudo rule'),
doc=_(u'Search for hosts with these member of sudo rules.'),
),
parameters.Str(
'not_in_sudorule',
required=False,
multivalue=True,
cli_name='not_in_sudorules',
label=_(u'sudo rule'),
doc=_(u'Search for hosts without these member of sudo rules.'),
),
parameters.Str(
'enroll_by_user',
required=False,
multivalue=True,
cli_name='enroll_by_users',
label=_(u'user'),
doc=_(u'Search for hosts with these enrolled by users.'),
),
parameters.Str(
'not_enroll_by_user',
required=False,
multivalue=True,
cli_name='not_enroll_by_users',
label=_(u'user'),
doc=_(u'Search for hosts without these enrolled by users.'),
),
parameters.Str(
'man_by_host',
required=False,
multivalue=True,
cli_name='man_by_hosts',
label=_(u'host'),
doc=_(u'Search for hosts with these managed by hosts.'),
),
parameters.Str(
'not_man_by_host',
required=False,
multivalue=True,
cli_name='not_man_by_hosts',
label=_(u'host'),
doc=_(u'Search for hosts without these managed by hosts.'),
),
parameters.Str(
'man_host',
required=False,
multivalue=True,
cli_name='man_hosts',
label=_(u'host'),
doc=_(u'Search for hosts with these managing hosts.'),
),
parameters.Str(
'not_man_host',
required=False,
multivalue=True,
cli_name='not_man_hosts',
label=_(u'host'),
doc=_(u'Search for hosts without these managing hosts.'),
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.ListOfEntries(
'result',
),
output.Output(
'count',
int,
doc=_(u'Number of entries returned'),
),
output.Output(
'truncated',
bool,
doc=_(u'True if not all results were returned'),
),
)
class pwpolicy_find(Method):
__doc__ = _("Search for group password policies.")
takes_args = (parameters.Str(
'criteria',
required=False,
doc=_(u'A string searched in all relevant object attributes'),
), )
takes_options = (
parameters.Str(
'cn',
required=False,
cli_name='group',
label=_(u'Group'),
doc=_(u'Manage password policy for specific group'),
),
parameters.Int(
'krbmaxpwdlife',
required=False,
cli_name='maxlife',
label=_(u'Max lifetime (days)'),
doc=_(u'Maximum password lifetime (in days)'),
),
parameters.Int(
'krbminpwdlife',
required=False,
cli_name='minlife',
label=_(u'Min lifetime (hours)'),
doc=_(u'Minimum password lifetime (in hours)'),
),
parameters.Int(
'krbpwdhistorylength',
required=False,
cli_name='history',
label=_(u'History size'),
doc=_(u'Password history size'),
),
parameters.Int(
'krbpwdmindiffchars',
required=False,
cli_name='minclasses',
label=_(u'Character classes'),
doc=_(u'Minimum number of character classes'),
),
parameters.Int(
'krbpwdminlength',
required=False,
cli_name='minlength',
label=_(u'Min length'),
doc=_(u'Minimum length of password'),
),
parameters.Int(
'cospriority',
required=False,
cli_name='priority',
label=_(u'Priority'),
doc=_(
u'Priority of the policy (higher number means lower priority'),
),
parameters.Int(
'krbpwdmaxfailure',
required=False,
cli_name='maxfail',
label=_(u'Max failures'),
doc=_(u'Consecutive failures before lockout'),
),
parameters.Int(
'krbpwdfailurecountinterval',
required=False,
cli_name='failinterval',
label=_(u'Failure reset interval'),
doc=_(u'Period after which failure count will be reset (seconds)'),
),
parameters.Int(
'krbpwdlockoutduration',
required=False,
cli_name='lockouttime',
label=_(u'Lockout duration'),
doc=_(u'Period for which lockout is enforced (seconds)'),
),
parameters.Int(
'timelimit',
required=False,
label=_(u'Time Limit'),
doc=_(u'Time limit of search in seconds'),
),
parameters.Int(
'sizelimit',
required=False,
label=_(u'Size Limit'),
doc=_(u'Maximum number of entries returned'),
),
parameters.Flag(
'all',
doc=
_(u'Retrieve and print all attributes from the server. Affects command output.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=
_(u'Print entries as stored on the server. Only affects output format.'
),
exclude=('webui', ),
default=False,
autofill=True,
),
parameters.Flag(
'pkey_only',
required=False,
label=_(u'Primary key only'),
doc=_(
u'Results should contain primary key attribute only ("group")'
),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.ListOfEntries('result', ),
output.Output(
'count',
int,
doc=_(u'Number of entries returned'),
),
output.Output(
'truncated',
bool,
doc=_(u'True if not all results were returned'),
),
)
class cert_find(Command):
__doc__ = _("Search for existing certificates.")
takes_options = (
parameters.Str(
'subject',
required=False,
label=_(u'Subject'),
),
parameters.Int(
'revocation_reason',
required=False,
label=_(u'Reason'),
doc=_(u'Reason for revoking the certificate (0-10)'),
),
parameters.Int(
'min_serial_number',
required=False,
doc=_(u'minimum serial number'),
),
parameters.Int(
'max_serial_number',
required=False,
doc=_(u'maximum serial number'),
),
parameters.Flag(
'exactly',
required=False,
doc=_(u'match the common name exactly'),
default=False,
autofill=True,
),
parameters.Str(
'validnotafter_from',
required=False,
doc=_(u'Valid not after from this date (YYYY-mm-dd)'),
),
parameters.Str(
'validnotafter_to',
required=False,
doc=_(u'Valid not after to this date (YYYY-mm-dd)'),
),
parameters.Str(
'validnotbefore_from',
required=False,
doc=_(u'Valid not before from this date (YYYY-mm-dd)'),
),
parameters.Str(
'validnotbefore_to',
required=False,
doc=_(u'Valid not before to this date (YYYY-mm-dd)'),
),
parameters.Str(
'issuedon_from',
required=False,
doc=_(u'Issued on from this date (YYYY-mm-dd)'),
),
parameters.Str(
'issuedon_to',
required=False,
doc=_(u'Issued on to this date (YYYY-mm-dd)'),
),
parameters.Str(
'revokedon_from',
required=False,
doc=_(u'Revoked on from this date (YYYY-mm-dd)'),
),
parameters.Str(
'revokedon_to',
required=False,
doc=_(u'Revoked on to this date (YYYY-mm-dd)'),
),
parameters.Int(
'sizelimit',
required=False,
label=_(u'Size Limit'),
doc=_(u'Maximum number of certs returned'),
default=100,
),
parameters.Flag(
'all',
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
exclude=('webui',),
default=False,
autofill=True,
),
parameters.Flag(
'raw',
doc=_(u'Print entries as stored on the server. Only affects output format.'),
exclude=('webui',),
default=False,
autofill=True,
),
)
has_output = (
output.Output(
'summary',
(unicode, type(None)),
doc=_(u'User-friendly description of action performed'),
),
output.ListOfEntries(
'result',
),
output.Output(
'count',
int,
doc=_(u'Number of entries returned'),
),
output.Output(
'truncated',
bool,
doc=_(u'True if not all results were returned'),
),
)
class migrate_ds(Command):
__doc__ = _("Migrate users and groups from DS to IPA.")
takes_args = (
parameters.Str(
'ldapuri',
cli_name='ldap_uri',
label=_(u'LDAP URI'),
doc=_(u'LDAP URI of DS server to migrate from'),
),
parameters.Password(
'bindpw',
cli_name='password',
label=_(u'Password'),
doc=_(u'bind password'),
),
)
takes_options = (
parameters.DNParam(
'binddn',
required=False,
cli_name='bind_dn',
label=_(u'Bind DN'),
default=DN(u'cn=directory manager'),
autofill=True,
),
parameters.DNParam(
'usercontainer',
cli_name='user_container',
label=_(u'User container'),
doc=_(u'DN of container for users in DS relative to base DN'),
default=DN(u'ou=people'),
autofill=True,
),
parameters.DNParam(
'groupcontainer',
cli_name='group_container',
label=_(u'Group container'),
doc=_(u'DN of container for groups in DS relative to base DN'),
default=DN(u'ou=groups'),
autofill=True,
),
parameters.Str(
'userobjectclass',
multivalue=True,
cli_name='user_objectclass',
label=_(u'User object class'),
doc=
_(u'Comma-separated list of objectclasses used to search for user entries in DS'
),
default=(u'person', ),
autofill=True,
),
parameters.Str(
'groupobjectclass',
multivalue=True,
cli_name='group_objectclass',
label=_(u'Group object class'),
doc=
_(u'Comma-separated list of objectclasses used to search for group entries in DS'
),
default=(u'groupOfUniqueNames', u'groupOfNames'),
autofill=True,
),
parameters.Str(
'userignoreobjectclass',
required=False,
multivalue=True,
cli_name='user_ignore_objectclass',
label=_(u'Ignore user object class'),
doc=
_(u'Comma-separated list of objectclasses to be ignored for user entries in DS'
),
default=(),
autofill=True,
),
parameters.Str(
'userignoreattribute',
required=False,
multivalue=True,
cli_name='user_ignore_attribute',
label=_(u'Ignore user attribute'),
doc=
_(u'Comma-separated list of attributes to be ignored for user entries in DS'
),
default=(),
autofill=True,
),
parameters.Str(
'groupignoreobjectclass',
required=False,
multivalue=True,
cli_name='group_ignore_objectclass',
label=_(u'Ignore group object class'),
doc=
_(u'Comma-separated list of objectclasses to be ignored for group entries in DS'
),
default=(),
autofill=True,
),
parameters.Str(
'groupignoreattribute',
required=False,
multivalue=True,
cli_name='group_ignore_attribute',
label=_(u'Ignore group attribute'),
doc=
_(u'Comma-separated list of attributes to be ignored for group entries in DS'
),
default=(),
autofill=True,
),
parameters.Flag(
'groupoverwritegid',
cli_name='group_overwrite_gid',
label=_(u'Overwrite GID'),
doc=
_(u'When migrating a group already existing in IPA domain overwrite the group GID and report as success'
),
default=False,
autofill=True,
),
parameters.Str(
'schema',
required=False,
cli_metavar="['RFC2307bis', 'RFC2307']",
label=_(u'LDAP schema'),
doc=
_(u'The schema used on the LDAP server. Supported values are RFC2307 and RFC2307bis. The default is RFC2307bis'
),
default=u'RFC2307bis',
autofill=True,
),
parameters.Flag(
'continue',
required=False,
label=_(u'Continue'),
doc=
_(u'Continuous operation mode. Errors are reported but the process continues'
),
default=False,
autofill=True,
),
parameters.DNParam(
'basedn',
required=False,
cli_name='base_dn',
label=_(u'Base DN'),
doc=_(u'Base DN on remote LDAP server'),
),
parameters.Flag(
'compat',
required=False,
cli_name='with_compat',
label=_(u'Ignore compat plugin'),
doc=_(u'Allows migration despite the usage of compat plugin'),
default=False,
autofill=True,
),
parameters.Str(
'exclude_groups',
required=False,
multivalue=True,
doc=_(u'comma-separated list of groups to exclude from migration'),
default=(),
autofill=True,
),
parameters.Str(
'exclude_users',
required=False,
multivalue=True,
doc=_(u'comma-separated list of users to exclude from migration'),
default=(),
autofill=True,
),
)
has_output = (
output.Output(
'result',
dict,
doc=_(u'Lists of objects migrated; categorized by type.'),
),
output.Output(
'failed',
dict,
doc=
_(u'Lists of objects that could not be migrated; categorized by type.'
),
),
output.Output(
'enabled',
bool,
doc=_(u'False if migration mode was disabled.'),
),
output.Output(
'compat',
bool,
doc=
_(u'False if migration fails because the compatibility plug-in is enabled.'
),
),
)
