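def execute(self, **options):
        """Bring the 'Enable Anonymous access' ACI on the base DN up to date.

        Two properties of the ACI are checked and, if needed, corrected:

        * its ``targetattr`` expression must list ``ipaNTTrustAuthOutgoing``
          and ``ipaNTTrustAuthIncoming``;
        * its ``targetfilter`` must equal the filter below, which matches
          only entries that are *not* ``ipaToken``, ``ipatokenTOTP`` or
          ``ipatokenRadiusConfiguration`` objects.

        NOTE(review): whether listing an attribute in ``targetattr`` grants
        or withholds anonymous access depends on the operator stored in the
        ACI, which is not visible here -- confirm that it is an exclusion
        list before relying on this to hide the trust secrets.

        Every path returns the 3-tuple ``(False, False, [])``; the meaning of
        its elements is defined by the caller and is not visible here.
        A failed LDAP write is only logged: the ACI on the server is then
        left as it was, so the error log is the only sign that anonymous
        access was not tightened.
        """
        aciname = u'Enable Anonymous access'
        aciprefix = u'none'
        ldap = self.obj.backend
        targetfilter = '(&(!(objectClass=ipaToken))(!(objectClass=ipatokenTOTP))(!(objectClass=ipatokenRadiusConfiguration)))'
        # Named current_filter rather than ``filter`` to avoid shadowing the builtin.
        current_filter = None

        (dn, entry_attrs) = ldap.get_entry(api.env.basedn, ['aci'])

        acistrs = entry_attrs.get('aci', [])
        acilist = aci._convert_strings_to_acis(acistrs)
        try:
            rawaci = aci._find_aci_by_name(acilist, aciprefix, aciname)
        except errors.NotFound:
            root_logger.error('Anonymous ACI not found, cannot update it')
            return False, False, []

        attrs = rawaci.target['targetattr']['expression']
        rawfilter = rawaci.target.get('targetfilter', None)
        if rawfilter is not None:
            current_filter = rawfilter['expression']

        needed_attrs = [
            attr
            for attr in ('ipaNTTrustAuthOutgoing', 'ipaNTTrustAuthIncoming')
            if attr not in attrs
        ]
        # Work on a copy so ``attrs`` keeps the stored value until the ACI
        # string has been matched and removed below.
        update_attrs = deepcopy(attrs)
        update_attrs.extend(needed_attrs)

        attrs_changed = len(attrs) != len(update_attrs)
        filter_changed = current_filter != targetfilter

        if not attrs_changed and not filter_changed:
            root_logger.debug("Anonymous ACI already update-to-date")
            return (False, False, [])

        # Drop the stored string form of the ACI *before* rawaci is modified,
        # otherwise isequal() would no longer match it and the old, more
        # permissive ACI would stay next to the new one.
        for tmpaci in acistrs:
            if rawaci.isequal(ACI(tmpaci)):
                acistrs.remove(tmpaci)
                break

        if attrs_changed:
            root_logger.debug("New Anonymous ACI attributes needed: %s",
                needed_attrs)
            rawaci.target['targetattr']['expression'] = update_attrs

        if filter_changed:
            root_logger.debug("New Anonymous ACI targetfilter needed.")
            rawaci.set_target_filter(targetfilter)

        acistrs.append(unicode(rawaci))
        entry_attrs['aci'] = acistrs

        try:
            ldap.update_entry(dn, entry_attrs)
        except Exception as e:
            # Deliberately best-effort: the failure is reported but does not
            # abort the caller. The server-side ACI is unchanged in this case.
            root_logger.error("Failed to update Anonymous ACI: %s", e)

        # The early exits return a 3-tuple; return the same shape here instead
        # of falling off the end with None.
        return (False, False, [])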
    def get_anonymous_read_aci(self, ldap):
        """Return the 'Enable Anonymous access' ACI stored on the base DN.

        The ``aci`` values of the base DN entry are read through ``ldap``,
        parsed, and searched for the ACI with prefix ``none`` and that name.
        Returns the matching ACI object, or ``None`` when the lookup raises
        ``errors.NotFound``.
        """
        entry = ldap.get_entry(self.api.env.basedn, ['aci'])
        parsed_acis = aci._convert_strings_to_acis(entry.get('aci', []))

        try:
            found = aci._find_aci_by_name(
                parsed_acis, u'none', u'Enable Anonymous access')
        except errors.NotFound:
            # No anonymous-read ACI present; callers get None instead of an error.
            found = None
        return found
    def get_anonymous_read_aci(self, ldap):
        """Fetch the anonymous-read ACI from the base DN entry, if present.

        Reads the ``aci`` attribute of ``self.api.env.basedn`` via ``ldap``,
        converts the strings to ACI objects and looks for the one named
        'Enable Anonymous access' with prefix 'none'. A lookup that raises
        ``errors.NotFound`` yields ``None``.
        """
        name, prefix = u'Enable Anonymous access', u'none'

        base = ldap.get_entry(self.api.env.basedn, ['aci'])
        raw_strings = base.get('aci', [])
        candidates = aci._convert_strings_to_acis(raw_strings)

        try:
            match = aci._find_aci_by_name(candidates, prefix, name)
        except errors.NotFound:
            return None
        return match
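    def execute(self, **options):
        """Add the trust-auth attributes to the 'Enable Anonymous access' ACI.

        The ACI is read from the base DN entry and its ``targetattr``
        expression is extended with ``ipaNTTrustAuthOutgoing`` and
        ``ipaNTTrustAuthIncoming`` when either is missing; the entry is then
        written back.

        NOTE(review): whether listing an attribute in ``targetattr`` grants
        or withholds anonymous access depends on the operator stored in the
        ACI, which is not visible here -- confirm that it is an exclusion
        list.

        Returns the 3-tuple ``(False, False, [])`` on every path; the meaning
        of its elements is defined by the caller and is not visible here.
        An exception raised by the ACI lookup is not handled in this method
        and propagates to the caller. A failed LDAP write is only logged, in
        which case the ACI on the server is left unchanged.
        """
        aciname = u'Enable Anonymous access'
        aciprefix = u'none'
        ldap = self.obj.backend

        (dn, entry_attrs) = ldap.get_entry(api.env.basedn, ['aci'])

        acistrs = entry_attrs.get('aci', [])
        acilist = aci._convert_strings_to_acis(acistrs)
        rawaci = aci._find_aci_by_name(acilist, aciprefix, aciname)

        attrs = rawaci.target['targetattr']['expression']

        needed_attrs = [
            attr
            for attr in ('ipaNTTrustAuthOutgoing', 'ipaNTTrustAuthIncoming')
            if attr not in attrs
        ]
        if not needed_attrs:
            root_logger.debug("Anonymous ACI already update-to-date")
            return (False, False, [])

        root_logger.debug("New Anonymous ACI attributes needed: %s",
            needed_attrs)

        # Work on a copy so rawaci still compares equal to its stored string
        # form while that string is located and removed.
        update_attrs = deepcopy(attrs)
        update_attrs.extend(needed_attrs)

        # Remove the old string before rawaci is modified; otherwise the
        # previous ACI would remain on the entry next to the updated one.
        for tmpaci in acistrs:
            if rawaci.isequal(ACI(tmpaci)):
                acistrs.remove(tmpaci)
                break

        rawaci.target['targetattr']['expression'] = update_attrs
        acistrs.append(unicode(rawaci))
        entry_attrs['aci'] = acistrs

        try:
            ldap.update_entry(dn, entry_attrs)
        except Exception as e:
            # Deliberately best-effort: report the failure, do not abort the
            # caller. The server-side ACI is unchanged in this case.
            root_logger.error("Failed to update Anonymous ACI: %s", e)

        # The early exit returns a 3-tuple; return the same shape here instead
        # of falling off the end with None.
        return (False, False, [])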